- Apple has published a new correction for iOS and iPados
- It resolves a zero day used in “extremely sophisticated” attacks
- This is the third zero day discussed this year
Apple has published a new patch for iOS and iPados relating to an abused vulnerability in “extremely sophisticated” attacks. In a security notice published earlier this week, the company said it recently discovered an out -of -limited writing problem in Webkit, its Multiplateforme web browser engine.
Webkit is used by the Apple, Safari browser, as well as other applications and browsers on MacOS, iOS, Linux and Windows.
Vulnerability is followed as CVE-2025-24201 and can be used to get web content from sandbox via custom web content. It has not yet been attributed to a gravity score.
Rat Connectwise
Apparently, vulnerability has been set in iOS 17.2, but can still be exploited in older models: “This is an additional solution for an attack that has been blocked in iOS 17.2”, said Apple in the opinion. “Apple is aware of a report that this problem can have been exploited in an extremely sophisticated attack against specific targeted individuals on the versions of iOS before iOS 17.2.”
The bug has been corrected with improved checks, preventing unauthorized actions. The first own versions are iOS 18.3.2., Ipados 18.3.2, macOS Sequoia 15.3.2, Visionos 2.3.2 and Safari 18.3.1. According to Cyberiansider, the patch applies to a wide range of Apple devices such as iPhones (XS and later), iPads (Pro, Air, Mini and standard models from 3rd generation) and macos Sequoia propulsion devices.
This is Apple’s standard practice to refuse details on vulnerability until the majority of the final points have been corrected. Consequently, we do not know who are the actors of the threat of this “extremely sophisticated” attack, nor who were the victims.
BleepingCompute reports that this is the third zero-day vulnerability, Apple fixed this year, after the CVE-2025-24085 of January and the CVE-2025-24200 of February. Last year, the company addressed six zero-day vulnerabilities in total.
Via Bleeping Compompute
