Security Affairs reports that updates have been released by Apple to resolve an out-of-bounds write zero-day vulnerability in its WebKit browser engine, tracked as CVE-2025-24201, which has already been leveraged in "extremely sophisticated" intrusions.Attacks exploiting the flaw — which affects iPhone XS and later, iPad 7th generation and later, iPad mini 5th generation and later, iPad Air 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Pro 12.9-inch 3rd generation and later, and iPad Pro 13-inch, as well as Macs running macOS Sequoia and Apple Vision Pro — could enable the creation of malicious content that could escape the Web Content sandbox, according to an advisory from Apple. Such a zero-day is the third one remediated by Apple so far this year. Immediate application of iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3 has been recommended by the firm, which did not provide additional details regarding the attacks.
Vulnerability Management, Patch/Configuration Management, Threat Intelligence
Actively exploited Apple zero-day addressed

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds