On Tuesday, Apple resolved a critical zero-day vulnerability that affected nearly all iPhones and iPads.
Apple has patched a critical zero-day vulnerability (CVE-2025-24201) that affected almost all iPhones and iPads. It may have been exploited in an “advanced targeted attack on specific targets” using older iOS versions.
Zero-Day Vulnerability in WebKit
The vulnerability is located in WebKit, the browser engine of Safari and all other browsers on iPhones and iPads. Apple reports that the problem arose from a bug that wrote to memory without authorization, which could allow hackers to access content from the Web Content sandbox.
The vulnerability affects the iPhone XS and newer, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and newer), iPad Pro 11-inch (1st generation and newer), iPad Air (3rd generation and newer), iPad (7th generation and newer), iPad mini (5th generation and newer).
Apple recommends all users install the latest update within 36 hours. The update brings iOS and iPadOS to version 18.3.2. It is not known how long the vulnerability has been exploited. We do know that important targets such as activists and diplomats are at the highest risk. Recently, Apple also released a patch for its chips that were susceptible to data leaks.