Apple has issued a critical security update for iPhones and iPads to address a newly discovered zero-day vulnerability, CVE-2025-24201. This flaw, found in WebKit—the core engine behind Safari, Mail, and the App Store—could allow attackers to bypass security measures and gain access to sensitive information.
Details of the Vulnerability
The security issue stems from an out-of-bounds write flaw in WebKit, enabling malicious web content to bypass Apple’s Web Content sandbox security feature. Apple has confirmed that the vulnerability has already been exploited in targeted attacks, primarily affecting users with older iOS versions before 17.2. Experts warn that such security breaches are often linked to state-sponsored cyber threats or highly sophisticated hacking groups.
Affected Devices
The vulnerability affects a broad range of Apple devices, including:
- iPhones: iPhone XS and later models
- iPads: iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and newer), iPad Pro 11-inch (1st generation and newer), iPad Air (3rd generation and newer), iPad (7th generation and newer), and iPad Mini (5th generation and newer)
Apple has strongly advised all affected users to update their devices immediately to prevent potential security breaches.
Security Patch Release
To counter the risk, Apple has launched iOS 18.3.2 and iPadOS 18.3.2 on March 11, 2025. These updates introduce enhanced security checks to block unauthorized access and serve as an additional patch following the previous fix in iOS 17.2.
How to Update Your Device
Users can install the latest security update by following these steps:
- Open Settings
- Tap General
- Select Software Update
- Download and install the latest version
- Restart the device after installation
Additional Security Measures
To further protect their devices, Apple users are encouraged to take extra precautions, including:
- Enabling Two-Factor Authentication (2FA) for Apple ID
- Using a strong alphanumeric passcode instead of a simple four-digit PIN
- Activating Face ID or Touch ID for enhanced security
- Regularly reviewing app permissions
- Downloading apps only from the Apple App Store
- Utilizing Apple’s App Privacy Report to monitor app behavior
- Keeping Find My iPhone enabled in case of theft or loss
- Using a password manager for better credential security
Importance of Immediate Action
Zero-day vulnerabilities like CVE-2025-24201 are particularly dangerous because cybercriminals exploit them before developers release fixes. While Apple has not disclosed the full scope of the attacks, cybersecurity experts stress the importance of staying updated to prevent potential security threats.
Apple urges all users to install the latest update as soon as possible to keep their devices protected from emerging cyber risks.
