Apple has recently announced a critical security vulnerability affecting iPhones, iPads, and other Apple devices, urging users to download the latest software patch immediately. The flaw, identified as CVE-2025-24201, could expose devices to cyberattacks if left unaddressed.
The Security Flaw: CVE-2025-24201
The vulnerability was found in WebKit, the browser engine behind Safari and other internet browsers on iPhones and iPads. The issue is an out-of-bounds write that allows malicious websites to bypass the browser’s built-in security protections, also known as the sandbox.
When a user visits one of these malicious websites, the flaw could allow attackers to break out of the browser’s protective boundaries and gain control over the entire device. In simple terms, hackers can use harmful websites to exploit the device, gaining access to sensitive areas of your smartphone.
Affected Devices and Software Update
To combat this vulnerability, Apple has released iOS 18.3.2, a crucial update that addresses the flaw and prevents further exploitation. Users are encouraged to update their devices as soon as possible to protect themselves from potential attacks.
You can update your device by following these steps:
Settings > General > Software Update
The security issue impacts iPhone XS and later models, as well as several other Apple devices, including iPads and Macs. The affected devices, and the patched releases for Apple's other platforms, include:
- iPhones: iPhone XS and newer models
- iPads: iPad Pro (3rd generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), iPad mini (5th generation and later)
- macOS: macOS Sequoia 15.3.2
- Safari: Safari 18.3.1 for macOS Ventura and macOS Sonoma
- visionOS: Apple Vision Pro running visionOS 2.3.2
What’s at Risk?
This flaw is a zero-day vulnerability, meaning it was actively exploited before Apple was aware of it. Zero-day vulnerabilities are particularly dangerous because they’re unknown to the software vendor, and no fix is available at the time of discovery. Apple has confirmed that the vulnerability was used in highly targeted cyberattacks, although it hasn’t disclosed details such as who the victims were or how the attack was discovered.
A Pattern of Vulnerabilities in 2025
This is the third zero-day vulnerability Apple has patched in 2025. The previous two vulnerabilities addressed were:
- January 2025: Apple patched its first zero-day flaw of the year.
- February 2025: A second flaw, which allowed attackers to disable USB Restricted Mode while the device was locked, was also fixed.
Apple’s swift response to these vulnerabilities highlights the growing sophistication of cyberattacks and the importance of timely software updates to keep your devices secure.
Final Call: Update Your Devices Now
Apple has not shared additional details about the attacks, such as how long they lasted or how they were discovered, but experts strongly advise all users to install the latest updates as soon as possible to avoid becoming targets of cybercriminals.
Make sure to update the following:
- iOS 18.3.2 (for iPhones and iPads)
- iPadOS 18.3.2
- macOS Sequoia 15.3.2
- Safari 18.3.1
- visionOS 2.3.2
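For anyone managing more than a handful of devices, the check below compares an inventory export against the fixed releases listed above. It is an added example, not Apple's or the author's tooling; the CSV layout, device names and platform labels are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Fixed releases as listed in this article. The key spelling is an
# assumption about how an inventory export labels each platform.
FIXED = {
    "iOS": (18, 3, 2),
    "iPadOS": (18, 3, 2),
    "macOS": (15, 3, 2),    # macOS Sequoia
    "Safari": (18, 3, 1),   # Safari on macOS Ventura / Sonoma
    "visionOS": (2, 3, 2),
}

# Constructed sample export: device name, platform, reported version.
SAMPLE_INVENTORY = """\
device,platform,version
ceo-iphone,iOS,18.3.2
lab-ipad,iPadOS,18.3.1
dev-mac-01,macOS,15.3
dev-mac-02,Safari,18.3.1
old-phone,iOS,17.7.2
kiosk,tvOS,18.3
"""

def parse_version(text):
    """Turn '18.3' or '18.3.2' into a 3-tuple, padding missing parts with 0."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version):
    """Return 'patched', 'needs-update' or 'check-advisory' for one device."""
    fixed = FIXED.get(platform)
    if fixed is None:
        return "check-advisory"   # platform not listed in the article
    try:
        have = parse_version(version)
    except ValueError:
        return "check-advisory"   # e.g. beta or build-suffixed strings
    if have >= fixed:
        return "patched"
    # The article names no fixed build for older major releases, so those
    # go to manual review instead of being guessed at.
    return "check-advisory" if have[0] < fixed[0] else "needs-update"

def audit(csv_text):
    """Map each device in the export to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: classify(r["platform"], r["version"]) for r in rows}
```

Devices returned as `check-advisory` are the ones this article cannot settle; look them up in Apple's own security release notes.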
Keeping your devices up to date is essential for protecting your personal data and ensuring your security. Don’t wait—update today to stay safe from these emerging threats.