Apple is urging iPhone users to update iOS after a major security flaw.
The tech giant discovered a vulnerability called CVE-2025-24201. It is located within Webkit - the browser engine that powers Safari and all other internet browsers on Apple devices.
Cybercriminals have taken advantage of the flaw by creating malicious websites that act as a gateway to others parts of the phone.
Users only need to visit the website for hackers to gain access to their files and apps on the device.
Advert
Now, Apple is urging users to download iOS 18.3.2 on their iPhones, which is available now.
You can do this by going to your device's Settings, then tapping General and checking for the Software Update.
According to Apple, the flaw impacts anyone using an iPhone XS or later, as well as iPads, Mac computers running macOS Sequoia - and even the Apple Vision Pro.
Updating to the latest software should protect Apple customers from what the company described as an 'extremely sophisticated attack' on 'specific targeted individuals'.
However, it did not disclose who was specifically targeted, how long the attacks lasted, or how Apple found out about the attacks.
What they did note is that the attack is exploiting a critical zero-day vulnerability.
Zero-day vulnerabilities like this are particularly dangerous because they exploit security gaps that the company wasn’t aware of - meaning hackers had a window of opportunity to strike before a fix was available.
"This is a supplementary fix for an attack that was blocked in iOS 17.2," Apple stated.
Apple rolled out iOS 17.2 in December 2023, but has since transitioned to iOS 18, releasing multiple updates along the way. This means that anyone still running iOS 17.2 is already several versions behind on security updates, making them vulnerable to cyberattacks.
Users with these devices are strongly urged to check their device settings and update to the latest software versions:
- iOS 18.3.2 (for iPhones)
- iPadOS 18.3.2 (for iPads)
- macOS Sequoia 15.3.2 (for Macs)
- visionOS 2.3.2 (for Apple Vision Pro)
- Safari 18.3.1 (for web security fixes)
Apple has also confirmed that the security patch covers multiple iPad models, including iPad Pro (13-inch, 12.9-inch 3rd gen and later, 11-inch 1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later) and iPad Mini (5th gen and later).
Tech experts have advised everyone to install the newest security updates since the attack could be damaging for anyone targeted.
This is the third zero-day vulnerability Apple has had to patch since the beginning of 2025. The first was addressed in January whilst another was patched in the beginning of February.