Apple has released fixes for a vulnerability that is being actively exploited in attacks against iOS devices. Tracked as CVE-2025-24201, the vulnerability also affects macOS Sequoia and the Safari web browser.
The out-of-bounds write flaw exists in the WebKit browser engine. An attacker may exploit the vulnerability via maliciously crafted web content to break out of the Web Content sandbox. Apple addressed the issue with improved checks to prevent unauthorized actions. Apple mentioned in the advisory that “This is a supplementary fix for an attack blocked in iOS 17.2.”
Apple has confirmed that the vulnerability is being exploited in a highly sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.
CISA added CVE-2025-24201 to its Known Exploited Vulnerabilities Catalog, urging users to patch the flaw before April 3, 2025.
With this latest fix, Apple has addressed three actively exploited vulnerabilities this year. The other two are:
Affected Products and Versions
- iPhone XS and later
- iPad 7th generation and later
- iPad Air 3rd generation and later
- iPad mini 5th generation and later
- iPad Pro 11-inch 1st generation and later
- iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later
Mitigation
Apple released the following versions to patch the vulnerabilities:
- Safari 18.3.1
- macOS Sequoia 15.3.2
- iOS 18.3.2 and iPadOS 18.3.2
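A defender's first job after an advisory like this is to find which managed devices are still below the fixed version. The script below is an added example, not code from Apple or Qualys: it takes the fixed versions listed above as the baseline and triages a constructed inventory (hypothetical hostnames and versions) against them, comparing versions as integer tuples rather than strings so that a hypothetical "18.11" is not mistaken for being older than "18.3.2". Only macOS Sequoia is listed as affected; for other macOS releases the Safari version is the relevant check, so the example keeps the platforms separate.

```python
"""Triage an asset inventory against the versions Apple shipped for CVE-2025-24201."""

# Minimum versions that contain the fix, as listed in Apple's advisories.
FIXED_VERSIONS = {
    "ios": (18, 3, 2),
    "ipados": (18, 3, 2),
    "macos": (15, 3, 2),      # macOS Sequoia only; other macOS releases are checked via Safari
    "safari": (18, 3, 1),
}


def parse_version(text: str) -> tuple:
    """Turn '18.3.2' into (18, 3, 2). Missing components are padded with zeros,
    so '18.3' becomes (18, 3, 0). Malformed input raises rather than silently
    comparing as 'up to date'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_vulnerable(platform: str, version: str) -> bool:
    """True when the installed version is below the fixed version for the platform.
    Integer tuple comparison avoids the string pitfall where '18.11' < '18.3.2'."""
    key = platform.lower()
    if key not in FIXED_VERSIONS:
        raise KeyError(f"no fix baseline known for platform {platform!r}")
    return parse_version(version) < FIXED_VERSIONS[key]


def triage(inventory):
    """Return the (hostname, platform, version) rows that still need the update."""
    return [row for row in inventory if is_vulnerable(row[1], row[2])]


# Constructed sample inventory: hypothetical hostnames and versions, not from the advisory.
SAMPLE_INVENTORY = [
    ("mbp-ops-01", "macOS", "15.3.1"),        # one patch level behind: needs update
    ("mbp-ops-02", "macOS", "15.3.2"),        # at the fixed version
    ("iphone-ceo", "iOS", "18.3.2"),          # at the fixed version
    ("iphone-sales-07", "iOS", "18.2"),       # padded to (18, 2, 0): needs update
    ("ipad-lab", "iPadOS", "18.11"),          # hypothetical later release; string compare would wrongly flag it
    ("build-mac", "Safari", "18.3.1"),        # at the fixed Safari version
]


if __name__ == "__main__":
    for hostname, platform, version in triage(SAMPLE_INVENTORY):
        print(f"{hostname}: {platform} {version} is below the fixed version "
              f"{'.'.join(map(str, FIXED_VERSIONS[platform.lower()]))}")
```

Running the script lists mbp-ops-01 and iphone-sales-07 as the assets still needing the update; the same `triage` function can be fed an export from an MDM or from the Qualys scan results mentioned below.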
For more information, please visit the Apple security advisories for macOS Sequoia, Safari, iOS, and iPadOS.
Qualys Detection
Qualys customers can scan their devices with QIDs 382930, 382931, and 610640 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://support.apple.com/en-us/122281
https://support.apple.com/en-us/122283
https://support.apple.com/en-us/122285