Apple has urged its users to update their devices immediately to avoid a potential cyberattack exploiting a critical security flaw. The warning affects billions of iPhone users and highlights a major vulnerability in Apple’s software.
The company identified a zero-day vulnerability in WebKit, the browser engine used by Safari and all other internet browsers on iPhones and iPads. In a statement, Apple noted, “This is a supplementary fix for an attack that was blocked in iOS 17.2.” Hackers can exploit this vulnerability by creating malicious websites that enable access to a victim’s device beyond the web browser.
Apple indicated that this zero-day vulnerability has likely been used in attacks targeting specific individuals using versions of iOS older than 17.2. The iOS 17.2 update was released in December 2023, emphasizing the importance for users to update promptly.
Sarunas Sereika, a senior product manager at cybersecurity firm Surfshark, highlighted the risks of neglecting software updates. He stated, “You have to keep your software up to date. Sometimes that means you need a newer phone, but in this case, simply keep your software up to date to eliminate any back doors for hackers.” Sereika elaborated on the implications of a cyber attack, explaining that personal data theft—including names, credentials, emails, and financial data—can lead to identity theft and financial losses.
In a recent update, Apple released iOS 18.3.2 and iPadOS 18.3.2 on March 11, 2025, specifically addressing the vulnerabilities found in WebKit. This update is available for select iPhone and iPad models, including iPhone XS and later, various iPad Pro versions, iPad Air 3rd generation and later, and others.
The impact of this vulnerability could allow malicious web content to break out of the Web Content sandbox, making the fix critical for users. Apple is aware of the report that this issue may have been exploited in a sophisticated attack against targeted individuals who did not have the latest software updates.
Additionally, the recent update addressed an out-of-bounds write issue with improved checks to prevent unauthorized actions. For more information, Apple maintains a Product Security page detailing the incident and related updates.
Featured image credit: Denis Cherkashin/Unsplash