Apple has released iOS 18.3.2 to patch a significant WebKit vulnerability identified as CVE-2025-24201, which could allow malicious web content to escape its sandbox and execute unauthorized actions on iOS devices. This vulnerability was initially fixed in iOS 17.2, but the recent update includes further protections against sophisticated state-sponsored attacks targeting high-profile individuals. Apple has also extended the fix to other operating systems including iPadOS and macOS, emphasizing the urgency of addressing such security flaws swiftly.
Vulnerabilities in WebKit should be patched quickly, as it is the framework that powers Safari and renders other web-based content, according to Adam Boynton from Jamf.
In this particular flaw, attackers were able to use maliciously crafted web content to escape the iOS Web Content sandbox, allowing access to other parts of the operating system.
Apple has issued the iOS 18.3.2 update to fix a vulnerability initially addressed in iOS 17.2, indicating the need for urgent security measures.
The update was prompted by an extremely sophisticated attack against targeted individuals, hinting at state-sponsored hackers exploiting this vulnerability.
Collection
[
|
...
]