Alert! Apple Rushes Out Fix For Zero Day Bug After Hackers Target iPhones, iPads, Macs; Check Full List
Apple has released an urgent security update to address a critical WebKit vulnerability exploited in highly sophisticated attacks. List of affected gadgets include iPhones, iPads and more.
Apple has released an emergency security update to address a WebKit zero-day vulnerability (CVE-2025-24201) that was exploited in "extremely sophisticated" attacks. Apple said that the flaw allowed attackers to break out of the Web Content sandbox, posing serious threat. Apple has asked users to install the latest update immediately. Hackers were targetting iPhones, iPads, and Macs. You can check full list of affected gadgets below.
The vulnerability was found in WebKit, the browser engine powering Safari and various applications across macOS, iOS and other platforms.
What Apple said in an advisory about the zero day bug
“This is a supplementary fix for an attack that was blocked in iOS 17.2," stated Apple in a security advisory released on March 11. The iPhone maker went on to add, “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.”
The exploit enabled attackers to execute arbitrary code using maliciously crafted web content, bypassing security measures within the Web Content sandbox.
Apple software updates
Apple addressed the issue by improving checks in its latest software updates.
The software updates include:
iOS 18.3.2
iPadOS 18.3.2
macOS Sequoia 15.3.2
visionOS 2.3.2
Safari 18.3.1
Apple devices affected by the zero day bug
According to a report in Bleeping Computer, a number of Apple devices were affected. Check the full list of devices below:
Available for:
iPhone XS and later models
iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Mac computers running macOS Sequoia
Apple Vision Pro
Security challenges
The report stated that while Apple has not disclosed who discovered the vulnerability or provided detailed insights into the nature of the “extremely sophisticated” attacks, the company asked users to install the security update immediately.
Though the exploit was reportedly used in targeted attacks, updating devices promptly will mitigate the risk of wider abuse.
This marks the third zero-day vulnerability Apple has patched in 2025, following CVE-2025-24085 in January and CVE-2025-24200 in February. In 2024, the company addressed six zero-days exploited in the wild, reinforcing the ongoing challenge of keeping its ecosystem secure, according to the Bleeping Computer report.
