Apple tells 1.4b iPhone users to update devices NOW to patch 'extremely sophisticated attack'

By Daily Mail (U.S.) | Created at 2025-03-12 17:26:46 | Updated at 2025-03-12 21:58:07

Apple is urging iPhone users to download its latest iOS patch after the company identified a major security flaw. 

The fix is meant to protect Apple customers from an 'extremely sophisticated attack' that is exploiting a critical zero-day vulnerability.

The vulnerability, tracked as CVE-2025-24201, was identified within WebKit - the browser engine used in Safari and all other internet browsers created for the iPhone or iPad.

Hackers used the flaw like an open door, creating malicious websites that, once a victim visited them, gave the attackers access to areas of the smartphone outside the web browser.

Apple is urging users to download iOS 18.3.2, which is available now. 

Users should open Settings and check for the update under General > Software Update.

The tech giant warned that the problem could impact anyone with the iPhone XS and later models.

Apple has warned that 9 of its products, including iPhones and iPads, need to be updated immediately to protect against potential hacking.

Zero-day vulnerabilities are software weaknesses that are unknown to the vendor of the program, meaning no patch exists when the flaw is first discovered and hackers are able to exploit it in the meantime.

In a statement Tuesday, Apple said: 'This is a supplementary fix for an attack that was blocked in iOS 17.2.'

The tech giant added that the latest zero-day vulnerability in WebKit was likely used in a cyber attack on 'specific targeted individuals' whose devices were running versions of Apple's software older than iOS 17.2.

Apple released iOS 17.2 in December 2023. Since then, the company has moved to iOS 18, with several updates to its iPhone software coming out since its debut. So, anyone still using 17.2 was already several software updates behind.

The company has not said who was specifically targeted, how long the attacks lasted, or how Apple found out about the attacks. 

Apple does not believe the cybercriminals involved are targeting the company's entire customer base. 

However, tech experts warned that everyone should still install the newest security updates since the attack could be devastating for anyone targeted. 

Apple also noted that the patch was released for iPad, including the iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later models, iPad Pro 11-inch 1st generation and later models, iPad Air 3rd generation and later models, and the iPad 7th generation and its later models.

The critical zero-day vulnerability could allow hackers to target Apple users with malicious websites that can take over their smartphones.

The iPad mini 5th generation and later models, Mac computers running macOS Sequoia, and the Apple Vision Pro are at risk as well.

Anyone with these products is urged to check their device settings for the latest Apple software updates, including iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1.

This is the third zero-day vulnerability Apple has had to patch since the beginning of 2025. The first was discovered and patched by Apple in January and the second was caught just one month ago on February 10.

That incident involved many of the same iPhone models targeted in the latest security scare, with Apple again saying that the February incident was an 'extremely sophisticated attack against specific targeted individuals.'

The difference in February was that the vulnerability allowed a hacker with physical access to disable USB Restricted Mode on a locked phone - meaning a criminal would still have needed access to the victim's device to exploit the problem.

According to How-To Geek, the new zero-day vulnerability revolves around an out-of-bounds write issue affecting Apple's web browsers.

This flaw in the software allows hackers to create malicious web content that can break out of the web content 'sandbox' and gain control of the victim's iPhone or iPad.

In simpler terms, the flaw in Apple's software created a way for hackers to sneak around the protective barriers which fence off the apps on your smart device.

Using phony webpages to break free of the protected zones in a smartphone, hackers were able to enter software areas outside the normal limits of the person's web browser - taking over the phone.

In a recent interview, James Knight of DigitalWarfare.com said that regularly checking for software updates is one of the most important things you can do to protect yourself from software problems and hackers.

'Update the phone, update the laptop, even update your smart fridge, patch everything,' Knight told DailyMail.com.

'Update regularly, your browser and your software. That's really, really key.'
