
Warning about a very dangerous security hole in Apple products

Phan Van Hoa March 13, 2025 10:58

Apple recently released an emergency patch to fix a serious zero-day security vulnerability in WebKit, the browser engine that powers the Safari web browser and many other applications on its devices.

This security vulnerability can be exploited by hackers to execute malicious code remotely, potentially stealing data or taking control of users' devices. Apple recommends all users update their software immediately to protect their devices from cybersecurity threats.

Apple has provided more details about the critical security vulnerability, assigned CVE-2025-24201, affecting WebKit – the engine that powers the Safari browser and many other applications.


According to Apple, hackers can exploit this vulnerability by using maliciously crafted websites or web content to bypass the Web Content Sandbox, an important security mechanism that isolates web browsing processes from the rest of the system.

If successfully exploited, hackers could gain access to other areas of the system, allowing them to perform malicious actions such as stealing data or installing malware.

In the official announcement, Apple emphasized that: "This is an additional fix for an attack that was blocked in iOS version 17.2. We have received reports that this vulnerability may have been exploited in a highly sophisticated, targeted attack against individuals using versions prior to iOS 17.2."

The CVE-2025-24201 vulnerability is an "out-of-bounds write" security flaw, meaning data can be written outside the bounds of the intended memory buffer, leading to system crashes or allowing attackers to execute malicious code remotely. Apple addressed the issue by improving memory checks to prevent unauthorized actions.

There is currently no official evidence linking this attack to any hacker group. However, in the past, sophisticated attacks targeting specific individuals have often been linked to advanced spyware, such as Pegasus from the Israeli company NSO Group.

The security patch is now available for many Apple devices, including iPhone XS and later, Macs, iPads, Apple TVs, Apple Watches, and Vision Pro devices. The vulnerability affects all recent versions of the operating system released before March 11, 2025.

Users are recommended to update to the latest versions immediately, including visionOS 2.3.2, iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, and Safari 18.3.1.
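For anyone managing more than one device, the version list above can be turned into a quick inventory check. The following is an added example, not code from Apple or from the original article: the inventory rows are constructed, and it assumes that any installed version numerically lower than the listed release for that product still needs the update.

```python
# Added example: fixed versions as listed in the article for CVE-2025-24201.
FIXED = {
    "visionOS": "2.3.2",
    "iOS": "18.3.2",
    "iPadOS": "18.3.2",
    "macOS": "15.3.2",  # macOS Sequoia
    "Safari": "18.3.1",
}

# Constructed sample inventory: (host, product, installed version).
SAMPLE_INVENTORY = [
    ("phone-01", "iOS", "18.3.2"),
    ("phone-02", "iOS", "18.3.1"),
    ("phone-03", "iOS", "17.1"),
    ("tablet-01", "iPadOS", "18.4"),
    ("mac-01", "macOS", "15.3.2"),
    ("mac-01", "Safari", "18.3"),
    ("mac-02", "macOS", "15.10"),       # numerically newer than 15.3.2
    ("headset-01", "visionOS", "2.3.2.0"),
    ("tv-01", "tvOS", "18.3"),          # no fixed version listed in the article
    ("phone-04", "iOS", "18.x"),        # malformed version string
]

def parse_version(text):
    """Return a tuple of ints with trailing zeros dropped; ValueError on junk."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def audit(inventory):
    """Map (host, product) to 'patched', 'needs-update' or 'unknown'."""
    results = {}
    for host, product, version in inventory:
        try:
            fixed = parse_version(FIXED[product])
            installed = parse_version(version)
        except (KeyError, ValueError):
            # Unlisted product or unparseable version: check by hand.
            results[(host, product)] = "unknown"
            continue
        # Tuple comparison is numeric per component, so 15.10 > 15.3.2.
        results[(host, product)] = "patched" if installed >= fixed else "needs-update"
    return results

def needs_update(inventory):
    """Sorted list of (host, product) pairs still below the fixed version."""
    return sorted(k for k, v in audit(inventory).items() if v == "needs-update")

if __name__ == "__main__":
    for key, status in audit(SAMPLE_INVENTORY).items():
        print(key, status)
```

Rows reported as `unknown` are not cleared; they need a manual check against Apple's security release notes.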

This is also the third time in 2025 that Apple has released emergency security patches for multiple devices at the same time, showing the severity of the vulnerability and the company's efforts to protect users from cybersecurity threats.

According to Cybernews