Vulnerability Management, Patch/Configuration Management, Threat Intelligence

Actively exploited Apple zero-day addressed

Apple fixes actively exploited zero-day. (Adobe Stock)

Security Affairs reports that updates have been released by Apple to resolve an out-of-bounds write zero-day vulnerability in its WebKit browser engine, tracked as CVE-2025-24201, which has already been leveraged in "extremely sophisticated" intrusions.

Attacks exploiting the flaw — which affects iPhone XS and later, iPad 7th generation and later, iPad mini 5th generation and later, iPad Air 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Pro 12.9-inch 3rd generation and later, and iPad Pro 13-inch, as well as Macs running macOS Sequoia and Apple Vision Pro — could enable the creation of malicious content that could escape the Web Content sandbox, according to an advisory from Apple.

Such a zero-day is the third one remediated by Apple so far this year. Immediate application of iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3 has been recommended by the firm, which did not provide additional details regarding the attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds