Apple has rolled out iOS 18.3.2, a crucial update aimed at fixing a serious security flaw in WebKit, the engine powering Safari. This vulnerability, tracked as CVE-2025-24201, has already been used in real-world attacks. Here's what you need to know.
The update addresses a WebKit vulnerability that could allow maliciously crafted web content to bypass iPhone’s Web Content sandbox. Once exploited, this could allow attackers to gain access to sensitive information from other parts of the system. This flaw was part of a targeted attack, primarily used by nation-state actors to spy on specific individuals, including journalists and dissidents.
Apple has marked this update as urgent because the flaw has been actively exploited. The vulnerability was initially blocked in iOS 17.2 but affects devices running older versions. While iOS 18.3.2 addresses this, it also comes on its own, just a month after the release of iOS 18.3.1. Apple has advised users to update immediately to protect against potential future exploitation.
Although the flaw has been used in targeted attacks, it’s expected that other adversaries could attempt to exploit it as well. Joshua Long, Chief Security Analyst at Intego, highlighted the vulnerability’s potential to be used beyond its initial targeted scope. Security professionals recommend all iPhone users update to iOS 18.3.2 to avoid becoming a target.
In addition to iPhones, Apple has also rolled out updates for macOS Sequoia, Safari 18.3.1, and visionOS 2.3.2 to patch the same vulnerability across all its platforms. This comprehensive approach shows how widespread the issue was.
Interestingly, Apple did not release an update for iOS 17 devices, even though the flaw affects versions prior to iOS 17.2. This suggests that the vulnerability was patched in iOS 17.2 or that the issue was deemed less critical for older versions. Regardless, iOS 18 users should update immediately.
Alongside the security fix, iOS 18.3.2 addresses a bug that could prevent the playback of some streaming content. However, users have reported that Apple Intelligence was re-enabled by default after the update, which has raised privacy concerns. If this feature is a concern, users are advised to turn it off in settings.
This WebKit vulnerability was a significant risk, but Apple’s quick action in issuing iOS 18.3.2 helps minimize potential damage. Cybercriminals may try to exploit unpatched devices, so ensuring your phone is updated is crucial for protecting sensitive data.
To secure your iPhone, head to Settings > General > Software Update and install iOS 18.3.2 now.
While the vulnerability in WebKit was used in highly targeted attacks, it’s only a matter of time before more malicious actors take advantage of the flaw. By updating to iOS 18.3.2, you’re helping safeguard your device from potential threats and ensuring that your personal data remains protected.
