Apple has released an emergency update to address a zero-day vulnerability affecting many of its iPhones, iPads, Apple Vision Pro, and Mac products.
The bug, designated CVE-2025-24201, is an out-of-bounds write vulnerability in WebKit that can be leveraged to break out of the Web Content sandbox simply by directing the user to maliciously crafted web content. WebKit is Apple’s cross-platform web browser engine used by Apple's own Safari web browser and many other apps and web browsers that run on macOS, iOS, Linux, and Windows.
Apple has advised that it is aware of a report that CVE-2025-24201 may have been exploited in an ‘extremely sophisticated’ attack against specific, targeted individuals on versions before iOS 17.2; however, the company has not provided any further details.
According to Apple, CVE-2025-24201 was fixed in iOS 17.2, which was released in December 2023. The new updates are supplementary and include improved checks to prevent unauthorized actions in:
Source: Bleeping Computer
Over the years, Apple's WebKit engine has been the focal point of several critical vulnerabilities, some of which have been actively exploited as zero-day attacks. Notable instances include:
Historically, state-sponsored actors have leveraged zero-day vulnerabilities in Apple products to infiltrate the devices of targeted individuals. A notable instance is the FORCEDENTRY exploit, allegedly developed by the NSO Group, which enabled the deployment of Pegasus spyware on iPhones.
This exploit circumvented Apple's "BlastDoor" security mechanism, allowing attackers to compromise devices without user interaction. The FORCEDENTRY vulnerability was discovered by Citizen Lab, a research group renowned for uncovering digital espionage campaigns against civil society.
Citizen Lab's investigations have repeatedly revealed the use of Apple zero-click exploits by state actors to monitor activists, journalists, and political figures. Thus, it’s possible the report Apple cited regarding an ‘extremely sophisticated’ attack leveraging CVE-2025-24201 was the result of a recent Citizen Lab investigation.
Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in software such as Apple’s operating systems. Field Effect MDR users are automatically notified if a vulnerable version of Apple software is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly recommends that impacted users install the patch as soon as possible, in accordance with Apple’s advisory.