{"id":2524,"date":"2025-03-12T10:08:02","date_gmt":"2025-03-12T10:08:02","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/03\/12\/apple-webkit-zero-day-vulnerability-actively-exploit-in-high-profile-cyber-attacks\/"},"modified":"2025-03-12T10:08:02","modified_gmt":"2025-03-12T10:08:02","slug":"apple-webkit-zero-day-vulnerability-actively-exploit-in-high-profile-cyber-attacks","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/03\/12\/apple-webkit-zero-day-vulnerability-actively-exploit-in-high-profile-cyber-attacks\/","title":{"rendered":"Apple WebKit Zero-Day Vulnerability Actively Exploited in High Profile Cyber Attacks"},"content":{"rendered":"<div>\n<p>Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in targeted attacks.
<\/p>\n<p>The flaw, described as an out-of-bounds write issue, could allow maliciously crafted web content to break out of the Web Content sandbox, potentially leading to unauthorized actions on affected devices.<\/p>\n<p>\u201cMaliciously crafted web content may be able to break out of Web Content sandbox. An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions,\u201d Apple <a href=\"https:\/\/support.apple.com\/en-us\/100100\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">stated<\/a>.<\/p>\n<p>The vulnerability affects a wide range of Apple products. Fixes are available in the following updates:<\/p>\n<ul class=\"wp-block-list\">\n<li>\n<strong><a href=\"https:\/\/support.apple.com\/en-us\/122281\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">iOS 18.3.2 and iPadOS 18.3.2<\/a><\/strong>: Available for iPhone XS and later models, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).<\/li>\n<li>\n<strong><a href=\"https:\/\/support.apple.com\/en-us\/122283\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">macOS Sequoia 15.3.2<\/a><\/strong>: Applicable to Macs running macOS Sequoia.<\/li>\n<li>\n<strong><a href=\"https:\/\/support.apple.com\/en-us\/122285\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Safari 18.3.1<\/a><\/strong>: Available for macOS Ventura and macOS Sonoma.<\/li>\n<li>\n<strong><a href=\"https:\/\/support.apple.com\/en-us\/122284\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">visionOS 2.3.2<\/a><\/strong>: For Apple Vision Pro.<\/li>\n<li>\n<strong><a href=\"https:\/\/support.apple.com\/en-us\/122285\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">tvOS 18.3.1<\/a><\/strong>: Released specifically for Apple TV 4K (3rd generation), though this update has no published CVE
entries.<\/li>\n<\/ul>\n<p>Apple\u2019s security advisory noted that the vulnerability \u201cmay have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.\u201d<\/p>\n<p>The company implemented improved checks to prevent unauthorized actions, marking this release as a supplementary fix following an earlier mitigation provided in the iOS 17.2 update.<\/p>\n<p>This latest patch is Apple\u2019s third response to actively exploited zero-day vulnerabilities this year, following earlier patches for <a href=\"https:\/\/cybersecuritynews.com\/apple-zero-day-vulnerability-iphone-users\/\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-24085<\/a> in January and <a href=\"https:\/\/cybersecuritynews.com\/apple-0-day-vulnerability-exploited-in-extremely-sophisticated-attacks-in-the-wild\/\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-24200<\/a> in February.<\/p>\n<p>Apple has not disclosed details regarding the discovery of the flaw, the attackers\u2019 identities, or the targeted victims. Users are strongly advised to update their devices immediately to mitigate potential risks associated with this vulnerability.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/apple-webkit-zero-day-vulnerability-actively-exploit-in-high-profile-cyber-attacks\/\">Apple WebKit Zero-Day Vulnerability Actively Exploited in High Profile Cyber Attacks<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p>Balaji N<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in targeted attacks.
The flaw, described as an out-of-bounds write issue, could enable attackers to craft malicious web content capable [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[276,129,63,517],"tags":[130],"class_list":["post-2524","post","type-post","status-publish","format-standard","hentry","category-apple","category-cyber-security","category-cyber-security-news","category-zero-day","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/2524"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=2524"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/2524\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=2524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=2524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=2524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}