Stay updated with the latest Cybersecurity News on our TecnetBlog.

Apple fixes WebKit Zero-Day exploited in Attacks

Written by Zoilijee Quero | Mar 11, 2025 10:26:34 PM

Apple has just released an emergency security update to fix a zero-day vulnerability that, according to the company, had already been exploited in "extremely sophisticated" attacks. This flaw, identified as CVE-2025-24201, affects WebKit, the engine behind the Safari browser and many other applications on macOS, iOS, and even systems like Linux and Windows.

What's concerning is that this vulnerability appears to be linked to an attack that was previously blocked in iOS 17.2, suggesting that some users running earlier iOS versions may have been at risk without knowing it.

If you own an iPhone, iPad, or Mac, this is something you should pay attention to. In this article, we’ll explain what happened, why this vulnerability is dangerous, and — most importantly — what you can do to stay protected.

 

Apple’s Emergency Fix for CVE-2025-24201

 

Apple released a new update to address this serious zero-day vulnerability, known as CVE-2025-24201. According to Apple, attackers could exploit this flaw by using malicious web content designed to bypass the security restrictions that normally isolate web content.

The issue was linked to an out-of-bounds write error, which cybercriminals can exploit to execute unauthorized actions. Apple resolved the problem by improving security checks in its latest updates:

 

  1. iOS 18.3.2

  2. iPadOS 18.3.2

  3. macOS Sequoia 15.3.2

  4. visionOS 2.3.2

 

Which Devices Are at Risk?

 

The list of affected devices is quite extensive and includes both older and newer models:

 

  1. iPhone XS and later

  2. iPad Pro (13-inch, 12.9-inch from 3rd generation onward, and 11-inch from 1st generation onward)

  3. iPad Air (3rd generation and later)

  4. iPad (7th generation and later)

  5. iPad mini (5th generation and later)

  6. Mac running macOS Sequoia

  7. Apple Vision Pro

 

So far, Apple has not disclosed who discovered this vulnerability or provided specific details about the "extremely sophisticated" attacks linked to it.

 

Should You Be Concerned?

 

While this vulnerability seems to have been exploited mainly in targeted attacks (likely against specific individuals), Apple strongly recommends updating your devices as soon as possible to prevent other attackers from attempting to exploit the same flaw.

 

Read More:  March 2025 Patch Tuesday Microsoft Security Updates

 

Is This Common?

 

Unfortunately, yes. This is already the third zero-day vulnerability Apple has patched this year. The previous two were:

 

  1. CVE-2025-24085 in January

  2. CVE-2025-24200 in February

 

Last year, Apple fixed six similar zero-day vulnerabilities, and in 2023, the company addressed as many as 20 zero-day flaws. This shows that while Apple is known for its robust security measures, cybercriminals are constantly working to find new ways to bypass them. 

The best advice is simple: update your device right away. These updates not only fix this specific vulnerability but also enhance overall security to keep you safe from future threats. Taking a few minutes to update now could save you from potential headaches down the road.
View full post