Apple on Tuesday liberated The security update to solve the lack of zero day, which, he said, was used in “extremely complex” attacks.
The vulnerability was assigned to CVE-2025-24201 and is introduced into the Webkit Web Browser component.
This has been described as a recording problem that can allow an attacker to produce a malicious web content so it can escape from the web content.
Apple said she resolved the issue of improving the check to prevent unauthorized actions. He also noted that this is an additional correction for the attack that was blocked iOS 17.2.
In addition, he admitted that vulnerability “may have been used in an extremely difficult attack on specific targets on iOS versions to iOS 17.2.”
However, the consultation does not mention whether the Apple security team appeared or reported an external researcher. It is also not mentioned when the attacks began, how long they lasted and who was aimed.
Update is available for subsequent devices and operating system versions –
- iOS 18.3.2 and iPados 18.3.2 -iphone XS, and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation, and later, iPad Pro 11-in-generation, and later, iPad Air 3rd generation, and later, iPad 7th generation, and later, and iPad mini 5th generation, and later
- MacOS Sequoia 15.3.2 – Macs that manages MacOS Sequoia
- Safari 18.3.1 – Macs working on MacOS Ventura and Macos Sonoma
- Visionos 2.3.2 – Apple Vision Pro
With the latest Apple development has addressed a total of three active zero days in its software since the beginning of the year, the other two creatures Cve-2025-24085 and Cve-2025-24200.
