iPhone users should update to iOS 18.3.2 immediately to fix 0-day exploited in ‘extremely sophisticated attack’

On Tuesday, with iOS 18.3.2, Apple rolled out a fix for a severe zero-day flaw affecting nearly all supported iPhone and iPad models, warning that it might have been leveraged in “an extremely sophisticated attack targeting specific individuals” on older iOS versions.
The flaw, identified as CVE-2025-24201, lurks in Webkit—the engine powering Safari and all other browsers built for iPhones and iPads. Impacted devices include the iPhone XS and newer, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation onward), iPad Pro 11-inch (1st generation onward), iPad Air (3rd generation onward), iPad (7th generation onward), and iPad mini (5th generation onward). The issue originated from a bug causing writes to out-of-bounds memory locations.
Dan Goodin for Ars Technica:
‎

“Impact: Maliciously crafted web content may be able to break out of Web Content sandbox,” Apple wrote in a bare-bones advisory. “This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.)”
The advisory didn’t say if the vulnerability was discovered by one of its researchers or by someone outside the company. This attribution often provides clues about who carried out the attacks and who the attacks targeted. The advisory also didn’t say when the attacks began or how long they lasted.
The update brings the latest versions of both iOS and iPadOS to 18.3.2. Users facing the biggest threat are likely those who are targets of well-funded law enforcement agencies or nation-state spies. They should install the update immediately. While there’s no indication that the vulnerability is being opportunistically exploited against a broader set of users, it’s a good practice to install updates within 36 hours of becoming available.

‎
MacDailyNews Take: Everyone should upgrade to iOS 18.3.2 (and iPadOS 18.3.2) as soon as possible.

‎
Please help support MacDailyNews — and enjoy subscriber-only articles, comments, chat, and more — by subscribing to our Substack: macdailynews.substack.com. Thank you!
Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.
The post iPhone users should update to iOS 18.3.2 immediately to fix 0-day exploited in ‘extremely sophisticated attack’ appeared first on MacDailyNews.