– Apple has released an urgent iOS patch to fix a critical security vulnerability (CVE-2025-24201) in WebKit, the browser engine that powers Safari and other internet browsers on iPhones and iPads.
– The vulnerability allows hackers to create malicious websites that can break out of the browser’s sandbox and gain control of the entire device.
– The flaw stems from an “out-of-bounds write issue” in Apple’s web browsers.
– 𝗔𝗽𝗽𝗹𝗲 𝗵𝗮𝘀 𝗿𝗲𝗹𝗲𝗮𝘀𝗲𝗱 𝗶𝗢𝗦 𝟭𝟴.𝟯.𝟮 𝘁𝗼 𝗳𝗶𝘅 𝘁𝗵𝗶𝘀 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗶𝘀𝘀𝘂𝗲, 𝘄𝗵𝗶𝗰𝗵 𝘂𝘀𝗲𝗿𝘀 𝘀𝗵𝗼𝘂𝗹𝗱 𝗶𝗻𝘀𝘁𝗮𝗹𝗹 𝗶𝗺𝗺𝗲𝗱𝗶𝗮𝘁𝗲𝗹𝘆.
– The vulnerability potentially affects iPhone XS and later models.
– This is a “zero-day vulnerability,” meaning it was unknown to Apple when hackers first exploited it.
– Other affected systems include iPadOS, macOS Sequoia, Safari, and visionOS.
– Apple confirmed this is a supplementary fix to an attack initially blocked in iOS 17.2.