Update Your iPhone Now to Fix Safari Security Flaw


Apple has released iOS 18.3.2, an operating system update that fixes a vulnerability in WebKit, the browser engine used by Safari to render web pages. The flaw allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit security risks, to impact other parts of the device.

Apple previously fixed this vulnerability, CVE-2025-24201, with the release of iOS 17.2 back in late 2023, but this release adds a supplemental patch. In the release notes for iOS 18.3.2, Apple stated that the issue has been “addressed with improved checks to prevent unauthorized actions.” That same patch has also been applied in iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1.

“Vulnerabilities in WebKit should be patched quickly, as it is the framework that powers Safari and renders other web-based content,” Adam Boynton, Senior Security Strategy Manager at Apple security firm Jamf, told TechRepublic in an email.

“In this particular flaw, attackers were able to use maliciously crafted web content to escape the iOS Web Content sandbox. Breaking out of a sandbox allows an attacker to access data in other parts of the operating system.”

A mysterious delay: Why did Apple take so long?

It is not clear why the initial fix was not sufficient or why Apple has released the update only this week, but the company does refer to “an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2”, which may have occurred recently. This suggests that state-sponsored hackers have been exploiting the vulnerability to surveil high-profile individuals, such as government officials, journalists, or senior business executives.

The fact that this update comes just a month after iOS 18.3.1 and addresses only one security issue does indicate urgency. Cupertino typically withholds detailed information about vulnerabilities in the early stages to give users time to update their devices. This strategy helps prevent attackers from exploiting the flaw before the majority of users have secured their systems with the latest update.

Curiously, iOS 18.3.1 landed just one day after Google released an update for its Chrome browser on Mac, Windows, and Linux devices, which also patches CVE-2025-24201. Like Apple, Google described it as an out-of-bounds write issue for the Mac GPU, noted that it had a high impact, and said it is aware that an exploit for it exists in the wild. It was reported to Google by Apple Security Engineering and Architecture on March 5, so it seems Apple has been working on its own patch for a number of weeks.

Why you should update your Apple devices now

On top of patching CVE-2025-24201, the Apple update “addresses an issue that may prevent playback of some streaming content.” Some social media users have also reported that the update loads with Apple Intelligence, Apple’s bespoke artificial intelligence system, automatically enabled, even if the user had previously switched it off. This is frustrating some users who don’t wish for their data to be analysed by the model, but they are able to switch it off again.

Despite this, it’s recommended that Apple users update their devices as soon as possible, especially those running an older operating system than iOS 17.2, to prevent bad actors from exploiting the now-publicised vulnerability. The update is available for iPhone XS and all newer iPhones, as well as iPad Pro (11-inch, 3rd gen and later, and 12.9-inch, 1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later), and iPad mini (5th gen and later).

You should be prompted about the update automatically, but if not, you can initiate the download manually by going to Settings, General, and then Software Update.


