Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw

Apple warns that the WebKIt bug “may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

Apple on Tuesday released iOS 18.3.2 and iPadOS 18.3.2 with an urgent fix for a WebKit flaw that’s already been exploited on older versions of the mobile operating system.

The zero-day, tagged as CVE-2025-24201, allows attackers to break out of the Web Content sandbox and Cupertino warns that it “may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.”

“This is a supplementary fix for an attack that was blocked in iOS 17.2,” the company said in a barebones bulletin.

“For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available,” the company added.

Apple described the bug as an out-of-bounds ...