Published On: Mar 13, 2025 23:02
Advisory No: TZCERT-SA-25-0067
Source: Apple
Software Affected: WebKit web browser engine
Apple has released a security patch to address a critical vulnerability in the WebKit browser engine (CVE-2025-24201). Exploitation of this vulnerability could allow an attacker to escape the Web Content sandbox and potentially execute arbitrary code.
Apple has issued a critical security update to fix a vulnerability (CVE-2025-24201). The flaw allows malicious web content to escape the Web Content sandbox, enabling the execution of arbitrary code. It is present in WebKit versions prior to iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, and visionOS 2.3.2. This vulnerability has been actively exploited in targeted attacks against specific individuals.
Successful exploitation of this vulnerability can lead to arbitrary code execution and the potential for further attacks, including privilege escalation and system compromise.
Apple has released security updates for affected platforms. Users and administrators are strongly encouraged to upgrade to the latest versions of their devices operating systems.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.
