Apple has released iOS 18.3.2, an operating system update that fixes a vulnerability in WebKit, the browser engine Safari uses to render web pages. The flaw allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit security risks, to affect other parts of the device.
Apple had previously corrected this vulnerability, CVE-2025-24201, with the release of iOS 17.2 back at the end of 2023, but this release adds a supplementary patch. In the release notes for iOS 18.3.2, Apple stated that the issue has been “treated with improved controls to prevent unauthorized actions.” The same patch has also been applied in iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2 and Safari 18.3.1.
“Vulnerabilities in WebKit should be quickly patched as it is the framework that drives Safari and reproduces other web-based content,” Adam Boynton, Senior Security Strategy Manager at Apple security firm Jamf, told TechPublic in an email.
“In this particular error, attackers were able to use maliciously designed web content to escape the iOS web sandbox. Breaking out of a sandbox gives an attacker access to data in other parts of the operating system.”
A mysterious delay: Why did Apple take so long?
It is not clear why the initial fix was not sufficient or why Apple has only released the update this week, but the company refers to “an extremely sophisticated attack on specific targeted individuals on versions of iOS before iOS 17.2”, which may have taken place recently. This suggests that state-sponsored hackers have exploited the vulnerability to surveil high-profile individuals, such as government officials, journalists or senior business leaders.
The fact that this update comes only one month after iOS 18.3.1 and addresses only one security problem indicates its urgent nature. Cupertino typically withholds detailed information about vulnerabilities in the early stages to give users time to update their devices. This strategy helps prevent attackers from exploiting the flaw before most users have secured their systems with the latest update.
Oddly enough, iOS 18.3.1 landed just one day after Google released an update to its Chrome browser on Mac, Windows and Linux devices, which also patches CVE-2025-24201. Like Apple, Google described it as an out-of-bounds write issue in the GPU component on Mac, noted that it had a high impact, and said it is aware that an exploit for it exists in the wild. It was reported to Google by Apple Security Engineering and Architecture on March 5, so it looks like Apple has been working on its own patch for a number of weeks.
Why you need to update your Apple devices now
On top of patching CVE-2025-24201, the Apple update addresses “a problem that can prevent playback of any streaming content.” Some social media users have also reported that the update installs with Apple Intelligence, Apple’s bespoke artificial intelligence system, automatically enabled, even though the user had previously turned it off. This is frustrating for some users who do not want their data to be analyzed by the model, but they are able to turn it off again.
Despite this, it is recommended that Apple users update their devices as soon as possible, especially those running an operating system older than iOS 17.2, to prevent bad actors from exploiting the now-published vulnerability. The update is available for iPhone XS and all newer iPhones, as well as iPad Pro (11-inch, 3rd gen and later, and 12.9-inch, 1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later) and iPad mini (5th gen and later).
You should be prompted for the update automatically, but if not, you can start the download manually by going to Settings, General and then Software Update.