Apple Patches 0-Day Exploited in Sophisticated Attack

Apple Patches Critical Zero-Day Vulnerability in iPhones and iPads

Vulnerability Overview

Apple has patched a critical zero-day vulnerability in virtually all iPhone and iPad models it supports. The vulnerability, tracked as CVE-2025-24201, resides in WebKit, the browser engine driving Safari and all other browsers developed for iPhones and iPads.

Affected Devices

The vulnerability affects devices including:

  • iPhone XS and later
  • iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later
  • iPad Pro 11-inch 1st generation and later
  • iPad Air 3rd generation and later
  • iPad 7th generation and later
  • iPad mini 5th generation and later

Supplementary Fix

The vulnerability stems from a bug that wrote to out-of-bounds memory locations, allowing malicious web content to break out of the Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2.

Attack Details

The advisory did not specify if the vulnerability was discovered by one of Apple’s researchers or by someone outside the company. Additionally, it did not provide information on when the attacks began or how long they lasted.

Impact

The update brings the latest versions of both iOS and iPadOS to 18.3.2. Users facing the biggest threat are likely those who are targets of well-funded law enforcement agencies or nation-state spies. They should install the update immediately. While there is no indication that the vulnerability is being opportunistically exploited against a broader set of users, it is good practice to install updates within 36 hours of their becoming available.

Conclusion

Apple has taken swift action to patch a critical zero-day vulnerability in its iPhone and iPad devices. It is essential for users to install the update as soon as possible to ensure their devices are protected from potential attacks.

FAQs

Q: What is the vulnerability?
A: The vulnerability is a bug in WebKit that allows malicious web content to break out of the Web Content sandbox.

Q: Which devices are affected?
A: The vulnerability affects iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

Q: When should I install the update?
A: Users facing the biggest threat should install the update immediately. For others, it is good practice to install updates within 36 hours of their becoming available.

Q: Who is at risk?
A: Users who are targets of well-funded law enforcement agencies or nation-state spies are at the highest risk.
