Apple is warning all iPhone and iPad users to immediately update their devices to the latest iOS 18.3.2 and iPadOS 18.3.2 versions due to a serious zero-day vulnerability in WebKit. This engine powers Safari, Mail, the App Store, and other system apps. The flaw, CVE-2025-24201, allows malicious web content to bypass Apple’s Web Content sandbox, potentially enabling hackers to execute unauthorized code and steal sensitive data. Apple has confirmed that this exploit is already being actively used, making this update critical for all users.
What’s Happening & Why This Matters
Apple’s security team has urgently released patches after discovering that attackers are actively exploiting this WebKit flaw. The vulnerability allows cybercriminals to craft harmful web content that can execute malicious code beyond the usual security protections. Users visiting compromised websites could unknowingly expose their devices to remote exploits, malware, and potential data breaches.
The exploit has been observed in targeted attacks against users running older iOS versions, but Apple is urging all users to install the fix, regardless of their current OS version. The company has not disclosed specific attack details, but experts believe this flaw may have been used for surveillance, espionage, and phishing campaigns.
Devices at Risk
Apple has identified a broad range of impacted devices, including:
- iPhone XS and newer models
- iPad Pro 13-inch
- iPad Pro 12.9-inch (3rd gen and later)
- iPad Pro 11-inch (1st gen and later)
- iPad Air (3rd gen and later)
- iPad (7th gen and later)
- iPad mini (5th gen and later)
If you own any of these devices, installing the latest update is essential to protect your data and ensure device security.
How iOS 18.3.2 and iPadOS 18.3.2 Fix the Vulnerability
The latest Apple security update addresses an out-of-bounds write issue, which occurs when software writes data beyond allocated memory, potentially allowing an attacker to run arbitrary code, take control of a device, or crash the system. Apple confirms that improved input validation and strengthened security measures have been applied to prevent unauthorized code execution.
Besides this critical fix, Apple has not publicly detailed additional security patches included in iOS 18.3.2. Still, the fact that this flaw was actively exploited highlights the urgent need to install the update.
How to Update Your iPhone or iPad
Apple strongly advises users to update their devices immediately by following these steps:
- Open Settings on your device.
- Navigate to General > Software Update.
- Tap Download and Install.
- Restart your device after the installation completes.
Users should enable Automatic Updates under their Software Update settings to avoid delays in receiving critical security updates.
TF Summary: What’s Next
Apple’s quick response to CVE-2025-24201 demonstrates its commitment to user security, but this exploit serves as a reminder of the ongoing risks posed by zero-day vulnerabilities. To stay protected, users must update their devices immediately and enable automatic updates to minimize future threats. As cybercriminals develop sophisticated attack methods, timely security patches remain the best defense against evolving cyber threats.
— Text-to-Speech (TTS) provided by gspeech