Update now! Apple patches critical security flaw with iOS 18.3.2 
The flaw may have been exploited in an extremely sophisticated attack: Apple

Mar 12, 2025
09:59 am

What's the story

Apple has released iOS 18.3.2 and iPadOS 18.3.2, patching a critical vulnerability in WebKit, its browser engine. The flaw, tracked as CVE-2025-24201, has reportedly been exploited in older versions of the mobile operating system. The company said the vulnerability "may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2."

Bug details

Apple clarifies the nature of the WebKit flaw

The tech giant detailed the security issue as an out-of-bounds write problem that was fixed with improved checks to prevent unauthorized actions. "This is a supplementary fix for an attack that was blocked in iOS 17.2," Apple said in a barebones bulletin. "For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available," the company added.

Past issue

Previous security flaw allowed USB Restricted Mode bypass

Notably, the release of iOS 18.3.2 comes exactly one month after Apple patched a security flaw that allowed attackers with physical access to a locked iPhone or iPad to disable USB Restricted Mode — a key protection mechanism. The discovery of the exploit was credited to Bill Marczak of The Citizen Lab at The University of Toronto's Munk School, suggesting the exploit was used for nation-state-level surveillance.