Warning about a very dangerous security vulnerability in Apple products
Recently, Apple quickly released an emergency patch to fix a serious zero-day security vulnerability in WebKit, the platform engine of the Safari web browser and many other applications on its devices.
This security vulnerability can be exploited by hackers to execute malicious code remotely, potentially stealing data or taking control of a user's device. Apple recommends that all users update their software immediately to protect their devices from cybersecurity threats.
Apple has provided more details about a critical security vulnerability assigned CVE-2025-24201, which affects WebKit – the engine that powers the Safari browser and many other applications.
.jpg)
According to Apple, hackers can exploit this vulnerability to create malicious websites or web content to bypass the important security mechanism that helps isolate web browsing processes (Web Content Sandbox).
If successfully exploited, hackers could gain access to other areas of the system, allowing them to perform malicious actions such as stealing data or installing malware.
In the official announcement, Apple emphasized that: "This is an additional fix for an attack that was blocked in iOS version 17.2. We have received reports that this vulnerability may have been exploited in a highly sophisticated, targeted attack against individuals using versions prior to iOS 17.2."
The vulnerability, CVE-2025-24201, is an "out-of-bounds write" security flaw, meaning data can be written to an unknown area of memory, leading to a system crash or allowing an attacker to execute malicious code remotely. Apple addressed the issue by improving memory checks to prevent unauthorized actions.
There is currently no official evidence linking this attack to any hacker group. However, in the past, sophisticated attacks targeting specific individuals have often involved advanced spyware, such as Pegasus from the Israeli company NSO Group.
The security patch is now available for multiple Apple devices, including iPhone XS and later, Macs, iPads, Apple TVs, Apple Watches, and Vision Pro devices. The vulnerability affects all recent versions of the operating system released before March 11, 2025.
Users are recommended to update to the latest versions immediately, including visionOS 2.3.2, iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, and Safari 18.3.1.
This is also the third time in 2025 that Apple has released an emergency security patch for multiple devices at the same time, showing the severity of the vulnerability and the company's efforts to protect users from cybersecurity threats.
