For the third consecutive month in 2025, Apple has rolled out an emergency security patch to fix an actively exploited zero-day vulnerability. The flaw, identified as CVE-2025-24201, exists in WebKit, Apple’s open-source browser engine utilized by Safari and other apps across macOS, iOS, and iPadOS

Affected Devices

  • iPhone XS and newer
  • iPad Pro (3rd generation and later)
  • Pad Air (3rd generation and later)
  •  iPad 7th generation and newer
  •  iPad mini 5th generation and later

as well as systems running macOS Sequoia and Apple Vision Pro.

Why It Matters

  • Targeted Vulnerability: Due to WebKit’s pivotal  role in Apple’s ecosystem, security flaws within it are highly sought after by state backed threat actors looking to gain deeper access to devices.
  • Sophisticated Exploits: Apple’s description of the attacks as “extremely sophisticated” suggests that these exploits are likely the work of skilled threat actors , like nation-state entities, similar to previous incidents.
  • Apple confirmed that the vulnerability is being actively exploited in attacks targeting certain individuals with versions of iOS prior to iOS 17.2, though the company provided minimal details about the nature of these attacks.

Apple has already disclosed 17 zero-day vulnerabilities in WebKit since 2023, many of which were exploited by nation-state actors deploying tools such as Pegasus and Predator spyware to track or monitor high-profile individuals around the world

Exploitation Potential

The flaw allows attackers to execute arbitrary code on affected devices by bypassing WebKit’s sandbox, which could lead to:

  • Malware installation
  • Data exfiltration
  • Privilege escalation
  • Stealthy monitoring of user activity
  • Circumventing security features for persistent access

According to Adam Boynton, an Apple security expert at Jamf, successfully exploiting CVE-2025-24201 requires a deep understanding of:

  • Memory corruption techniques
  • WebKit internals
  • Security bypass methods like Pointer Authentication Codes (PAC) and Control Flow Integrity (CFI)

The Bottom Line

Apply Apple’s latest security patches (iOS 18.3.2, iPadOS 18.3.2, etc.) as soon as possible to protect your device. If you can’t update watch for unusual activity on device or enable Lockdown Mode for stronger protection. Moreover, Apple’s frequent disclosers of zero-day vulnerabilities shows the increasing sophistication of cyberattacks targeting its ecosystem.

Follow us on X and LinkedIn for the latest cybersecurity news.

Source: hxxps[://]www[.]darkreading[.]com/mobile-security/apple-drops-another-webkit-zero-day-bug