Analysis Summary

Apple has urgently released security updates to patch a critical zero-day vulnerability, CVE-2025-24201, in its WebKit browser engine, which has been actively exploited in targeted attacks. The flaw, identified as an out-of-bounds write issue, could allow attackers to craft malicious web content capable of breaking out of the Web Content sandbox, potentially leading to unauthorized actions on affected devices. Apple addressed this issue by implementing improved security checks to prevent further exploitation.

The vulnerability affects a broad range of Apple products, including iOS 18.3.2 and iPadOS 18.3.2 (covering iPhone XS and later, various iPad models), macOS Sequoia 15.3.2, Safari 18.3.1 for macOS Ventura and Sonoma, visionOS 2.3.2 for Apple Vision Pro, and tvOS 18.3.1 for Apple TV 4K (3rd generation).

Notably, Apple stated that the flaw had been exploited in sophisticated attacks targeting specific individuals on older iOS versions before iOS 17.2. This patch serves as a supplementary fix following an earlier mitigation in iOS 17.2.

This marks Apple's third response to actively exploited zero-day vulnerabilities in 2025, following patches for CVE-2025-24085 in January and CVE-2025-24200 in February. While Apple has not disclosed specifics about the threat actors, attack methods, or victims, the nature of the exploit suggests a highly advanced threat operation. The urgency of this release highlights the ongoing risks posed by unpatched security flaws, particularly in widely used Apple devices.

Given the severity of the issue, Apple strongly advises all users to update their devices immediately. Delaying updates could leave users exposed to sophisticated cyberattacks capable of compromising their data and system security. As threat actors continue to exploit vulnerabilities, maintaining up-to-date software remains a critical defense against potential cyber threats.

Impact

• Remote Code Execution

Indicators of Compromise

CVE

• CVE-2025-24201

Affected Vendors

Remediation

• Install the latest security updates for iOS, iPadOS, macOS, Safari, visionOS, and tvOS to mitigate the risk of exploitation.
• Ensure automatic updates are enabled to receive security patches as soon as they are released.
• Refrain from visiting untrusted or unknown websites that may host malicious web content.
• Consider using an alternative browser with enhanced security settings until updates are applied.
• Keep an eye on device behavior, such as unexpected crashes, sluggish performance, or unauthorized access attempts.
• Organizations should implement web filtering solutions to prevent access to malicious domains.
• Deploy security tools like anti-malware and endpoint protection solutions to detect and mitigate potential threats.
• Regularly check and adjust security settings on Apple devices to enhance protection against emerging threats.
• Follow Apple’s security advisories and cybersecurity news sources to stay updated on emerging vulnerabilities and patches.