- Apple released a new patch for iOS and iPadOS
- It fixes a zero-day used in an “extremely sophisticated” attack
- This is the third zero-day addressed this year
Apple has released a new patch for iOS and iPadOS that addresses a vulnerability abused in “extremely sophisticated” attacks. In a security advisory published earlier this week, the company said it recently disclosed an out-of-bounds write issue in WebKit, its cross-platform web browser engine.
WebKit is used by Apple’s browser, Safari, as well as other apps and browsers on macOS, iOS, Linux and Windows.
The vulnerability is tracked as CVE-2025-24201 and can be used to break out of the Web Content sandbox through maliciously crafted web content. It has not yet been assigned a severity score.
Connection rat
Apparently, the vulnerability was fixed in iOS 17.2, but can still be exploited in older models: “This is a supplementary fix for an attack blocked in iOS 17.2,” Apple said in the advisory. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack on specific targeted individuals on versions of iOS before iOS 17.2.”
The bug was fixed with improved checks to prevent unauthorized actions. The first clean versions are iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2 and Safari 18.3.1. According to cyberin pages, the patch applies to a wide range of Apple devices such as iPhones (XS and later), iPads (Pro, Air, mini and standard models from 3rd generation onward) and macOS Sequoia-powered devices.
It is standard Apple practice to withhold details of a vulnerability until the majority of endpoints have been patched. Therefore, we do not know who the threat actors behind this “extremely sophisticated” attack are or who the victims were.
BleepingComputer reports that this is the third zero-day vulnerability Apple has fixed this year, after CVE-2025-24085 in January and CVE-2025-24200 in February. Last year, the company fixed six zero-day vulnerabilities in total.
Via BleepingComputer