The flaw has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content.
Updates for a zero-day vulnerability in Apple’s WebKit browser engine have been released.
According to Security Affairs, the vulnerability is tracked as CVE-2025-24201, and has reportedly been leveraged in "extremely sophisticated" intrusions.
According to The Hacker News, the flaw has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content capable of breaking out of the Web Content sandbox.
Sylvain Cortes, VP strategy at Hackuity, said: “The flaw poses a significant risk to users of older versions of the operating system, particularly those released before iOS 17.2. We highly encourage users to update their devices to iOS 18.3.2 as soon as possible to maintain the security and privacy of their data. Keeping devices up to date with the latest software ensures protection from both known and emerging vulnerabilities.”
Immediate application of iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3 has been recommended by the firm, which did not provide additional details regarding the attacks.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.