Summary: Apple has released a security update addressing a zero-day vulnerability (CVE-2025-24201) in the WebKit engine, which has been exploited in sophisticated attacks targeting specific individuals. The update includes enhanced checks to prevent unauthorized actions and is applicable to various devices and operating system versions. This is the third actively exploited zero-day resolved by Apple this year.
Affected: Apple devices running iOS, iPadOS, macOS, and visionOS
Keypoints :
- Vulnerability allows malicious web content to bypass Web Content sandbox.
- The issue was disclosed as part of a supplementary fix related to iOS 17.2 attacks.
- Update available for multiple iPhone, iPad, Mac, and Vision Pro models.
- Apple has addressed three zero-day vulnerabilities in total this year.
Source: https://thehackernews.com/2025/03/apple-releases-patch-for-webkit-zero.html