FILE PHOTO: Apple has released a new patch for a critical zero-day vulnerability for iOS and iPadOS.
| Photo Credit: Reuters
Apple has released a new patch for a critical zero-day vulnerability for iOS and iPadOS. The hardware maker published a security advisory saying that the vulnerability, tracked as CVE-2025-24201, is present in Webkit, the browser engine that drives Safari and other browsers on iPhones and iPads.
The Webkit sandbox is meant to secure the rest of the OS in case the security system has been compromised. The advisory note revealed that hackers attempted to exploit the Webkit and bypass the sandbox using “maliciously crafted web content.”
The devices that were targeted included models from iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
They noted however that despite releasing the iOS 17.2 update to fix the vulnerability, it could be exploited in older models. “This is a supplementary fix for an attack that was blocked in iOS 17.2,” the company noted. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.”
Users have been advised to install the update immediately.
Apple hasn’t disclosed any details about the threat actors yet.
Published – March 13, 2025 12:31 pm IST
