iOS 18.3.2 Patches Actively Exploited WebKit Vulnerability
Apple has released iOS 18.3.2 and iPadOS 18.3.2 to fix a critical WebKit vulnerability that has been actively exploited by cybercriminals.
The flaw (CVE-2025-24201) allowed maliciously crafted web content to break out of the Web Content sandbox, posing a serious security risk. Initially believed to have been patched in iOS 17.2, Apple has now issued a supplementary fix to fully address the issue.
The tech giant has also confirmed that this vulnerability was used in a highly sophisticated attack targeting specific individuals before iOS 17.2.
“It’s essential that all iOS users update to iOS 18.3.2, as the fix addresses a flaw that has been actively exploited by cybercriminals,” warned Adam Boynton, senior security strategy manager EMEIA at Jamf.
“Cybercriminals will attempt to compromise devices that have not been updated. Therefore, we strongly recommend that users install iOS 18.3.2 immediately. Keeping devices up to date with the latest patches is one of the most effective ways to safeguard against attackers.”
Since WebKit is the framework that powers Safari and other web-based content on iOS, vulnerabilities can have widespread consequences.
“Vulnerabilities in WebKit should be patched quickly,” Boynton explained. “In this particular flaw, attackers were able to use maliciously crafted web content to escape the iOS Web Content sandbox. Breaking out of a sandbox allows an attacker to access data in other parts of the operating system.”
The update is available for iPhone XS and later, multiple iPad Pro models, iPad Air (3rd generation and later) and iPad mini (5th generation and later). Users are urged to update their devices by going to Settings > General > Software Update to ensure protection against potential cyber-threats.
Image credit: nikkimeel / Shutterstock.com
