California based Apple has rolled out a critical security update for its devices, addressing a significant vulnerability within its WebKit browser engine. The latest software patches—iOS 18.3.2, iPadOS 18.3.2, and macOS Sequoia 15.3.2—resolve a zero-day flaw (CVE-2025-24201) that was reportedly exploited in highly sophisticated attacks.
Security threat addressed
According to Apple’s release notes, the security flaw in question allowed malicious web content to bypass WebKit’s security sandbox, potentially granting attackers unauthorised access to a user’s system. This vulnerability could be leveraged to execute arbitrary code, posing a serious risk to affected devices.
Moreover, the company also acknowledged that this flaw had been actively exploited in targeted attacks against specific individuals. The vulnerability was originally patched in iOS 17.2, which was released in December 2023. However, Apple has now extended the fix to ensure devices running the latest software versions remain secure.
Apple’s security updates
It is noteworthy that this marks the third time this year that Apple has issued emergency security updates to address serious vulnerabilities. Just last month, the tech giant released iOS 18.3.1 and iPadOS 18.3.1 to fix another major flaw. That particular vulnerability allowed attackers to disable USB Restricted Mode on a locked device—another exploit that was reportedly used in highly sophisticated attacks targeting select individuals.
How to protect your device
The American technology giant is urging users to install the latest updates as soon as possible to safeguard their devices from potential exploits. The security patches are available for eligible iPhones, iPads, and Mac computers, ensuring that users benefit from the most up-to-date protections against emerging cyber threats.
To update your device, navigate to Settings > General > Software Update on iOS and iPadOS, or System Settings > General > Software Update on macOS.
With cyberattacks becoming increasingly advanced, regular software updates remain essential to maintaining device security.