Apple Responds to Exploited 0-Day Vulnerability: Insights into a Major Cyber Attack

Admin

On Tuesday, Apple fixed a serious vulnerability that affects almost all current iPhone and iPad models. This flaw could have been used in highly targeted attacks against specific individuals using older iOS versions.

The issue, labeled CVE-2025-24201, is linked to WebKit, the browser engine powering Safari and other browsers on Apple devices. The affected models include the iPhone XS and later, various iPad Pro models, iPad Air from the 3rd generation onward, iPad 7th generation and newer, as well as the iPad mini 5 and later. The vulnerability is caused by a bug that allows access to out-of-bounds memory areas.

Additional Fix

Apple stated, “Impact: Maliciously crafted web content may be able to break out of Web Content sandbox.” This fix is an important addition to an earlier patch included in iOS 17.2, which had already blocked some forms of this attack. While Apple noted that the issue may have been exploited in targeted attacks, they didn’t disclose whether their researchers or external parties found the vulnerability.

The advisory did not reveal specifics about when the attacks started or who was behind them. The latest update brings iOS and iPadOS to version 18.3.2. Those most at risk are people likely to be targeted by well-funded law enforcement or state-sponsored groups, and they should update their devices right away. Even if the wider population isn’t at immediate risk, it’s wise to install updates soon after they are released.
