Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks

发布于 / 英文文章 / 0 条评论
Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks

Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in targeted attacks.

The flaw, described as an out-of-bounds write issue, could enable attackers to craft malicious web content capable of breaking out of the Web Content sandbox, potentially leading to unauthorized actions on affected devices.

“Maliciously crafted web content may be able to break out of Web Content sandbox, An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions.” Apple Stated.

The vulnerability affects a wide range of Apple products, including:

  • iOS 18.3.2 and iPadOS 18.3.2: Available for iPhone XS and later models, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
  • macOS Sequoia 15.3.2: Applicable to Macs running macOS Sequoia.
  • Safari 18.3.1: Available for macOS Ventura and macOS Sonoma.
  • visionOS 2.3.2: For Apple Vision Pro.
  • tvOS 18.3.1: Released specifically for Apple TV 4K (3rd generation), though this update has no published CVE entries.

Apple’s security advisory noted that the vulnerability “may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.”

The company implemented improved checks to prevent unauthorized actions, marking this release as a supplementary fix following an earlier mitigation provided in the iOS 17.2 update.

This latest patch is Apple’s third response to actively exploited zero-day vulnerabilities this year, following earlier patches for CVE-2025-24085 in January and CVE-2025-24200 in February.

Apple has not disclosed details regarding the discovery of the flaw, the attackers’ identities, or the targeted victims. Users are strongly advised to update their devices immediately to mitigate potential risks associated with this vulnerability.

Find this Story Interesting! Follow us on Google NewsLinkedIn, and X to Get More Instant Updates

转载原创文章请注明,转载自: Pikachu Hacker » Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks
Not Comment Found