Apple has released iOS 18.3.2 and iPadOS 18.3.2 to fix a critical WebKit vulnerability, CVE-2025-24201. The flaw allows maliciously crafted web content to break out of the Web Content sandbox. The updates are available for various iPhone and iPad models and were prompted by reports of the vulnerability being exploited in sophisticated attacks. Apple customarily provides minimal details about security flaws to avoid aiding threat actors. An earlier release, iOS 17.2, had already addressed some of the related exploitation risk; the new update is a supplementary fix for that attack.
Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.
Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2.