
Executive Summary
Apple has patched a zero-day vulnerability in its WebKit browser engine, tracked as CVE-2025-24201. The flaw has reportedly been exploited in extremely sophisticated attacks against specific targeted individuals, which is why immediate attention and action are warranted. It affects iOS, iPadOS, macOS, visionOS, and Safari, so the exposure spans most of Apple's platforms.
Technical Information
CVE-2025-24201 is an out-of-bounds write, a memory-safety flaw that can be leveraged for arbitrary code execution. In this case, maliciously crafted web content can use it to break out of the Web Content sandbox, the isolated process in which WebKit renders untrusted pages, and perform actions the sandbox is meant to prevent. The affected systems are iOS, iPadOS, macOS, visionOS, and the Safari browser, making this a significant concern for users across Apple's platforms.
Apple's response to this threat was the release of patches for the affected systems, including iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1. The specific devices affected include iPhone XS and later models, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, iPad mini 5th generation and later, Macs running macOS Sequoia, and Apple Vision Pro. Users operating these devices should prioritize updating to the patched versions immediately.
Exploitation in the Wild
Apple has not disclosed the details of how CVE-2025-24201 was exploited, describing the attacks only as "extremely sophisticated." The attacks are inferred to have been targeted, with adversaries using advanced methods to bypass existing security mechanisms. On that inference, the exploitation involved delivering malicious payloads through the compromised WebKit engine, with the attackers maintaining persistence by leveraging weaknesses in web content rendering.
APT Groups using this vulnerability
While specific Advanced Persistent Threat (APT) groups haven't been publicly identified in relation to CVE-2025-24201, the level of sophistication suggests that nation-state actors or highly skilled cybercriminal organizations could be involved. These groups typically target sectors such as government, defense, human rights activists, and high-profile individuals globally, leveraging zero-day exploits to gain footholds within secure networks.
Affected Product Versions
The list of affected versions includes iOS versions prior to 18.3.2, iPadOS versions prior to 18.3.2, macOS Sequoia versions prior to 15.3.2, visionOS versions prior to 2.3.2, and Safari versions prior to 18.3.1. Devices such as iPhone XS and later, iPad Pro models from the 3rd generation onwards, and Macs running macOS Sequoia are particularly vulnerable if not updated.
Workaround and Mitigation
To mitigate the risk posed by CVE-2025-24201, users must apply the available patches to their devices immediately. Monitoring for unusual network activity and potential indicators of compromise (IOCs) is also recommended. Organizations should tune their intrusion detection systems to identify suspicious activity and respond to it swiftly. Keeping software up to date and maintaining robust security controls significantly reduce both the number of exploitable vulnerabilities and the likelihood of successful exploitation.
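As an added illustration that is not part of the original report, the following Python checks a device inventory against the fixed versions listed above and flags anything still exposed; the inventory format, hostnames and installed versions are constructed assumptions.

```python
# Added example (not from the original advisory): flag devices in a constructed
# inventory that are still below the fixed versions listed for CVE-2025-24201.

# Minimum patched version per platform, taken from the advisory text.
FIXED_VERSIONS = {
    "iOS": "18.3.2",
    "iPadOS": "18.3.2",
    "macOS": "15.3.2",      # macOS Sequoia
    "visionOS": "2.3.2",
    "Safari": "18.3.1",
}

def parse_version(version: str) -> tuple:
    """Turn '18.3.2' (optionally followed by a build string) into (18, 3, 2)
    so comparisons are numeric, not lexical: a string compare would wrongly
    rank '18.10' below '18.3'. Missing components count as zero."""
    parts = [int(p) for p in version.strip().split()[0].split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)

def is_patched(platform: str, version: str) -> bool:
    """True if the installed version meets or exceeds the fixed version.
    Unknown platforms are treated as not patched so they surface for review."""
    fixed = FIXED_VERSIONS.get(platform)
    if fixed is None:
        return False
    return parse_version(version) >= parse_version(fixed)

def find_unpatched(inventory: list) -> list:
    """Return every (hostname, platform, version) entry that still needs the fix.
    Entries are assumed to look like an MDM export: (hostname, platform, version)."""
    return [entry for entry in inventory if not is_patched(entry[1], entry[2])]

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("iphone-ceo", "iOS", "18.3.2"),
    ("iphone-cfo", "iOS", "18.3.1"),
    ("ipad-legal", "iPadOS", "18.10"),        # numerically newer than 18.3.2
    ("mac-dev-01", "macOS", "15.3.1 (24D60)"),
    ("mac-dev-02", "macOS", "15.3.2"),
    ("vision-lab", "visionOS", "2.3.2"),
    ("mac-safari-old", "Safari", "18.3"),      # parsed as 18.3.0, below 18.3.1
    ("watch-x", "watchOS", "11.3"),            # not in the table: flagged for review
]

if __name__ == "__main__":
    for host, platform, version in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host}: {platform} {version} is below the fixed version")
```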
References
For further technical details and updates, refer to the original BleepingComputer article by Sergiu Gatlan. Additionally, Apple's Security Advisories provide comprehensive information on this and related vulnerabilities.
Rescana is here for you
At Rescana, we understand the importance of staying ahead of cybersecurity threats. Our Third Party Risk Management (TPRM) platform is designed to help you manage and mitigate risks associated with your digital ecosystem. We are dedicated to providing you with the tools and insights necessary to protect your assets and maintain secure networks. Should you have any questions regarding this report or need further assistance, please reach out to our cybersecurity team at ops@rescana.com. We are here to support and guide you through these challenges.