iOS 18.3.2 Fixes Flaw Exploited by Hackers in ‘Sophisticated Attacks’

Apple is rolling out updates across its product lineup to address a weakness likely exploited by hackers in targeted attacks.

The updates – iOS 18.3.2 and iPadOS 18.3.2; macOS Sequoia 15.3.2; Safari 18.3.1, and visionOS 2.3.2 – deliver a handful of general fixes, but share an important common denominator: a fix for a security vulnerability which, according to Apple, criminals have likely exploited in highly-targeted attacks.

In typical fashion, the technical details are scarce – giving users a chance to update while preventing opportunistic exploits on unpatched devices. However, the advisory makes it clear that users must make this software patch a priority.

‘Extremely sophisticated attack against specific targeted individuals’

The flaw, tracked as CVE-2025-24201, resides in the WebKit web browser engine used by countless apps on iOS and macOS.

“Maliciously crafted web content may be able to break out of Web Content sandbox,” reads the security notice. “This is a supplementary fix for an attack that was blocked in iOS 17.2.”

The tech titan then notes:

Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.

At first glance, iOS 18.3.2 delivers a handful of fixes and improvements. However, accessing the security advisory link reveals that that this is an important security patch

Source: Bitdefender

Since WebKit is shared by the underlying software of all Apple devices, the same notice applies to Mac and Apple Vision users.

Third emergency security fix for 2025

The wording is reminiscent of another emergency security fix deployed against “sophisticated” attacks on Apple hardware.

In February, the company issued emergency updates to plug a weakness “exploited in an extremely sophisticated attack against specific targeted individuals.”

Attackers leveraging this flaw are said to have bypassed the “USB Restricted Mode” security feature Apple introduced a decade ago, which prevents tethered access to an iPhone’s contents if the phone has not been unlocked and connected via cable within the past hour.

Read: Apple Issues Emergency iOS 18.3.1 Update to Plug ‘Extremely Sophisticated’ Attack Vector on iPhones and iPads. Patch Now!

In January, just weeks prior, Apple addressed the first important security issue for 2025 – a CoreMedia flaw affecting almost all Apple products, said to have been exploited by hackers before Apple learned of the weakness.

The “zero-day” flaw was exploitable not only on iPhones and iPads, but also on Macs, the Apple Vision headgear, the Apple Watch, and the Apple TV media player. Zero-day flaws have been notoriously exploited by spyware developers and sold to high-paying clients, as well as to law enforcement when the situation demands it.

Read: FBI Hacked Trump Shooter’s Phone in 40 Minutes Using ‘Unreleased Technology’

Read: Pegasus Spyware Under Fire: Court Docs Claim NSO Group Kept Infecting Celebs, Including a Dubai Princess, as Tech Giants Fought to Take It Down

Patch up. Stay protected!

Sophisticated attacks like those described in Apple’s advisory typically target high-profile people. However, it’s always a good idea to keep your iGear updated to the latest version.

As we note in our recent security guide for iPhone users, Apple’s proverbial walled garden has long been lauded for its robust security, thanks to a tightly controlled ecosystem, a strict app review process, and timely software patches. However, advanced cyber threats targeting Apple users – especially iPhone users – persist.

Read: 10 Cyberthreats iPhone Users Can’t Afford to Ignore in 2025

For peace of mind, run a dedicated security solution on all your personal devices. On iOS and macOS, remember to also keep the trusty Lockdown Mode toggle handy if you believe hackers might be targeting you.