On March 11, 2025, Apple released several security updates across its product lines, addressing a critical WebKit vulnerability that had been exploited in targeted attacks. The updates include iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and tvOS 18.3.1.
Understanding the WebKit Vulnerability
The core issue lies within WebKit, the engine that powers Apple’s Safari browser. Identified as CVE-2025-24201, this vulnerability allows maliciously crafted web content to break out of the Web Content sandbox, potentially leading to unauthorized actions on the device. Apple acknowledged that this flaw had been exploited in “extremely sophisticated” attacks targeting specific individuals using versions of iOS prior to 17.2.
Details of the Security Updates
- iOS 18.3.2 and iPadOS 18.3.2: These updates address the WebKit vulnerability by implementing improved checks to prevent unauthorized actions. support.apple.com
- macOS Sequoia 15.3.2: Similarly, this update patches the WebKit flaw, enhancing the security of Mac systems. support.apple.com
- visionOS 2.3.2: This update includes the necessary security fix for devices running visionOS. support.apple.com
- tvOS 18.3.1: While this update was released alongside the others, Apple has not published any CVE entries for it, indicating no known security vulnerabilities were addressed. support.apple.com
Recommendations for Users
Given the severity of the WebKit vulnerability and its exploitation in targeted attacks, it’s crucial for users to update their devices promptly. To ensure your device is protected, navigate to the settings menu, select the software update option, and follow the on-screen instructions to install the latest version.
By keeping your devices up to date, you safeguard your personal information and maintain the overall security and performance of your Apple products.