Apple has released an emergency security update for iPhones and iPads to address a newly discovered zero-day vulnerability, CVE-2025-24201, which could allow attackers to bypass security protections and access sensitive data.
The flaw, located in WebKit—the browser engine that powers Safari, Mail, and the App Store—exploits an out-of-bounds write issue, enabling malicious web content to evade Apple’s Web Content sandbox security feature. Apple confirmed that the vulnerability has already been exploited in targeted attacks, primarily against users running older iOS versions before 17.2. Experts warn that such attacks often involve state-sponsored hackers or sophisticated cybercriminal groups.
Who Is affected?
The security flaw impacts a wide range of Apple devices, including:
iPhones: iPhone XS and later models
iPads: iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad Mini (5th generation and later)
Apple has urged all affected users to update their devices immediately to protect against potential cyber threats.
To mitigate the risk, Apple rolled out iOS 18.3.2 and iPadOS 18.3.2 on March 11, 2025, introducing improved security checks to prevent unauthorized access. The update serves as a supplemental patch to a previous fix implemented in iOS 17.2.
How to update your device
Users can install the update by following these steps:
1. Open Settings
2. Tap General
3. Select Software Update
4. Download and install the latest version
The device will restart once the update is complete.
Additional security measures
Experts recommend taking extra precautions to safeguard Apple devices against potential cyber threats, including:
- Enabling two-factor authentication (2FA) for Apple ID
- Using a strong alphanumeric passcode instead of a simple four-digit PIN
- Activating Face ID or Touch ID for enhanced security
- Reviewing app permissions regularly
- Avoiding unofficial app sources and downloading only from the Apple App Store
- Using Apple’s App Privacy Report to monitor app behavior
- Keeping Find My iPhone enabled in case of theft or loss
- Using a password manager for better credential security
Zero-day vulnerabilities like CVE-2025-24201 pose a significant risk as they are exploited before developers release fixes. While Apple has not disclosed the full extent of the attacks, cybersecurity experts emphasize the importance of staying updated to prevent potential breaches.
Apple has urged users to install the latest update immediately to ensure their devices remain protected.
- Desk Reporthttps://foresightmags.com/author/admin/
- Desk Reporthttps://foresightmags.com/author/admin/
- Desk Reporthttps://foresightmags.com/author/admin/
- Desk Reporthttps://foresightmags.com/author/admin/
