Critical iPhone Update: Apple Patches Vulnerability Exploited in Sophisticated Attacks
Apple has released a crucial update to address a vulnerability in iPhone and iPad devices that was actively exploited by cybercriminals. Learn how to protect your device and stay secure.
TL;DR
Apple has released a critical update for iPhone and iPad devices to patch a vulnerability that was actively exploited by cybercriminals. Users are urged to update their devices immediately to protect against sophisticated attacks.
Update Your iPhone Now: Apple Patches Vulnerability Used in Extremely Sophisticated Attacks
Apple has released a critical update to address a vulnerability in iPhone and iPad devices that was actively exploited by cybercriminals. This update is essential for users of the following devices:
- iPhone XS and later
- iPad Pro 13-inch
- iPad Pro 12.9-inch 3rd generation and later
- iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and later
- iPad 7th generation and later
- iPad mini 5th generation and later
Users of these devices should install the update as soon as possible to protect against sophisticated attacks. To check for the latest software version, go to Settings (or System Settings) > General > Software Update. It is also recommended to turn on Automatic Updates, which can be done on the same screen.
Affected Systems and Updates
Security updates have been issued for the following systems:
Update | Affected Systems |
---|---|
Safari 18.3.1 | macOS Ventura and macOS Sonoma |
iOS 18.3.2 and iPadOS 18.3.2 | iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later |
macOS Sequoia 15.3.2 | macOS Sequoia |
visionOS 2.3.2 | Apple Vision Pro |
Users of Malwarebytes for iOS can use the app to check if an update is needed and be guided through the update process.
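For administrators tracking more than one device, the table above can be turned into a version check over an inventory export. This is an added example, not code from the original article or from Apple or Malwarebytes; the CSV column layout and device names are constructed, and only the versions listed in the table are treated as fixed.

```python
import csv

# Fixed versions, copied from the article's table.
FIXED_OS = {"iOS": (18, 3, 2), "iPadOS": (18, 3, 2),
            "macOS": (15, 3, 2), "visionOS": (2, 3, 2)}
FIXED_SAFARI = (18, 3, 1)
# macOS Ventura (13) and Sonoma (14) get the fix through Safari, not an OS update.
SAFARI_FIXED_MACOS = {13, 14}

def parse_version(text):
    """Turn '18.3' into (18, 3, 0) so versions compare as integer tuples."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_patched(platform, os_version, safari_version=""):
    """True/False when the table decides it, None when it cannot."""
    try:
        os_v = parse_version(os_version)
        if platform == "macOS" and os_v[0] in SAFARI_FIXED_MACOS:
            if not safari_version.strip():
                return None  # Safari version missing from the export
            return parse_version(safari_version) >= FIXED_SAFARI
    except ValueError:
        return None  # e.g. a beta label or an empty field
    if platform not in FIXED_OS or (platform == "macOS" and os_v[0] < 13):
        return None  # not covered by the article's table
    return os_v >= FIXED_OS[platform]

def audit(inventory_csv):
    """Map each device name to 'patched', 'unpatched' or 'unknown'."""
    labels = {True: "patched", False: "unpatched", None: "unknown"}
    rows = csv.DictReader(inventory_csv.splitlines())
    return {r["device"]: labels[is_patched(r["platform"], r["os_version"],
                                           r["safari_version"] or "")]
            for r in rows}

# Constructed sample inventory (hypothetical device names and column layout).
SAMPLE = """device,platform,os_version,safari_version
iphone-01,iOS,18.3.1,
ipad-01,iPadOS,18.4,
mac-01,macOS,15.3.1,18.3
mac-02,macOS,14.7.4,18.3.1
mac-03,macOS,13.7.4,18.3
mac-04,macOS,14.7.4,
"""

if __name__ == "__main__":
    for device, status in audit(SAMPLE).items():
        print(f"{device:10} {status}")
```

Devices reported as unknown need a manual look: either the export lacks the Safari version for a Ventura or Sonoma Mac, or the platform is not in the table.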
Technical Details
WebKit is the browser engine developed by Apple that helps display web content in applications. It allows apps to show web pages without the need for a full web browser. WebKit is used in many Apple products, such as Safari, Mail, and the App Store, as well as in other devices like PlayStation consoles and Amazon Kindle e-readers.
The actively exploited vulnerability is tracked as CVE-2025-24201.
“An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).”
Simply put, an attacker could send a target a web page, or lure them into opening one, which would cause an overflow in the memory allocated for WebKit. The overflow would then enable the attacker to escape from the Web Content sandbox, a security feature that isolates web content, such as web pages and scripts, from the rest of the system. It is designed to stop malicious code from accessing sensitive system resources or user data outside of the browser.
About a month ago, it was reported that Apple had fixed another vulnerability used in an extremely sophisticated attack against targeted individuals. This one is much more likely to be used against more users, so it is essential to prioritize updating your phone as soon as possible.
Conclusion
Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS and Malwarebytes for Android today.