Ethical Hacking News
Apple has patched a critical zero-day vulnerability in WebKit that could allow maliciously crafted web content to break out of the security sandbox. iOS and iPadOS 18.3.2 are now available, and users are urged to install the update quickly to minimize risk.
The latest iPhones and iPads have a critical zero-day vulnerability in WebKit that may have been exploited in targeted attacks. The vulnerability can be used to break out of the Web Content sandbox, potentially gaining access to sensitive information or controlling devices. Apple has released an update (iOS 18.3.2) to fix the issue and is recommending users install it as soon as possible. Users targeted by well-funded law enforcement agencies or nation-state spies should be especially cautious and install updates within 36 hours of their becoming available.
Apple has recently patched a critical zero-day vulnerability in virtually all iPhone and iPad models, which may have been exploited in an "extremely sophisticated attack" against specific targeted individuals. The vulnerability, tracked as CVE-2025-24201, resides in WebKit, the browser engine driving Safari and all other browsers developed for iPhones and iPads.
According to Apple's advisory, the impact of this vulnerability is that maliciously crafted web content may be able to break out of the Web Content sandbox. This means that if an attacker were able to create a malicious website or application using this vulnerability, they could potentially gain access to sensitive information or take control of the device.
The vulnerability is attributed to a bug that writes to out-of-bounds memory locations. Apple has released an update that brings the latest versions of both iOS and iPadOS to 18.3.2, which is the recommended update for users facing the biggest threat from this vulnerability.
It's worth noting that while there is no indication that the vulnerability is being opportunistically exploited against a broader set of users, it's still good practice to install updates within 36 hours of their becoming available. This is especially important for individuals who are targets of well-funded law enforcement agencies or nation-state spies, as they may be more vulnerable to exploitation.
In an effort to minimize the risk of this vulnerability being exploited, Apple has released a supplementary fix that addresses the attack that was blocked in iOS 17.2. However, it's not clear whether the vulnerability was discovered by one of Apple's researchers or someone outside the company.
The update is available now for download, and users are encouraged to install it as soon as possible to ensure their device remains secure.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Zero-Day-Vulnerability-in-Webkit-What-You-Need-to-Know-About-the-Latest-iOS-Update-ehn.shtml
Published: Tue Mar 11 18:56:26 2025 by llama3.2 3B Q4_K_M