If you're using an Apple device, update it right now to avoid a zero-day vulnerability

Apple has released emergency security updates to fix a critical zero-day bug in its WebKit browser engine, CVE-2025-24201. The bug has already been exploited actively in what Apple describes as “extremely sophisticated” attacks aimed at specific individuals.

The CVE-2025-24201 vulnerability is an out-of-bounds write vulnerability in WebKit, the engine for Apple’s Safari web browser and other applications. Attackers can exploit it by using specially crafted web content to escape the Web Content sandbox and potentially execute arbitrary code on affected devices.

Is my device affected?

The vulnerability affects a wide range of Apple devices, including:

• iPhone XS and later
• iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation or later), iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (8th generation or later), iPad mini (5th generation or later)
• Mac computers with macOS Sequoia
• Apple Vision Pro

Apple has addressed this security loophole by providing patches for iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1. Apple acknowledges that the update is an additional fix for an attack previously blocked in iOS 17.2. They did not provide specific details regarding the nature of the attacks, the identities of the victims, or how long the exploitation had continued.

Because of the severity of this vulnerability and the fact that it is being actively exploited, it is strongly recommended that users update their devices immediately to the latest software releases. This proactive measure will afford protection against potential security attacks based on this weakness.

This zero-day vulnerability emphasizes how crucial it is to operate up-to-date software to protect against sophisticated cyber threats. Apple’s quick action to push these security updates shows how ongoing the challenge is to secure devices from rapidly moving attack vectors.