- Apple has released a new fix for iOS and iPadOS
- It fixes a zero-day used in “extremely sophisticated” attacks
- This is the third zero-day addressed this year
Apple has released a new patch for iOS and iPadOS that addresses a vulnerability abused in “extremely sophisticated” attacks. In a security notice published earlier this week, the company said it recently discovered an out-of-bounds write issue in WebKit, its cross-platform web browser engine.
WebKit is used by Apple's Safari browser, as well as by other applications and browsers on macOS, iOS, Linux and Windows.
The vulnerability is tracked as CVE-2025-24201 and can be used to break out of the Web Content sandbox through crafted web content. A severity score has not yet been assigned.
Apparently, the vulnerability was fixed in iOS 17.2, but it can still be exploited on older models: “This is a supplementary fix for an attack that was blocked in iOS 17.2,” Apple said in the notice. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific individuals on versions of iOS before iOS 17.2.”
The bug was fixed with improved checks, preventing unauthorized actions. The first patched versions are iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2 and Safari 18.3.1. According to CyberInsider, the patch applies to a wide range of Apple devices, such as iPhones (XS and later), iPads (Pro, Air, mini and standard models from the third generation onwards) and devices running macOS Sequoia.
It is standard Apple practice to withhold details about a vulnerability until most endpoints have been patched. Therefore, we do not know who the threat actors behind this “extremely sophisticated” attack are, or who the victims were.
BleepingComputer reports that this is the third zero-day vulnerability Apple has fixed this year, after CVE-2025-24085 in January and CVE-2025-24200 in February. Last year, the company addressed six zero-day vulnerabilities in total.
Via BleepingComputer