You don't have javascript enabled.

Apple zero-day exploited in targeted attacks

A critical zero-day vulnerability in Apple’s WebKit browser engine is under active attack. Update your Apple devices immediately and take additional security measures to protect sensitive financial data.

  • Nikita Alexander
  • March 12, 2025
  • 2 minutes

Apple has recently disclosed a critical zero-day vulnerability, tracked as CVE-2025-24201, which has been actively exploited in targeted attacks. This vulnerability affects the WebKit browser engine, a core component of Apple’s operating systems and Safari web browser. The flaw could allow attackers to bypass security sandboxes and execute malicious code on vulnerable devices.

Understanding the threat

CVE-2025-24201 is an out-of-bounds write issue that can be triggered through maliciously crafted web content. Successful exploitation could grant attackers unauthorized access to sensitive data, enable the installation of malware, or even facilitate complete device takeover.

Who is at risk?

The vulnerability affects a wide range of Apple devices and operating systems, including:

  • iPhone XS and later
  • iPad Pro (various models)
  • iPad Air 3rd generation and later
  • iPad 7th generation and later
  • iPad mini 5th generation and later
  • Macs running macOS Sequoia and macOS Sonoma
  • Apple Vision Pro running visionOS 2.3.2

Immediate action required

Apple has released updates to address this vulnerability. It is crucial for users, particularly those in financial institutions, to update their devices immediately to mitigate the risk of exploitation.

How to update

Instructions for updating various Apple devices can be found on Apple’s support website or within the device’s settings menu.

Best practices for enhanced security

While updating devices is the first line of defense, financial institutions should also reinforce the following security practices:

  • Phishing Awareness: Educate employees about phishing attacks, which often leverage zero-day vulnerabilities.
  • Network Security: Strengthen network defenses to detect and prevent malicious activity.
  • Endpoint Protection: Deploy robust endpoint security solutions to monitor and protect devices from malware and unauthorized access.
  • Incident Response: Develop and regularly test incident response plans to effectively manage security breaches.
Previous Post

The power of automated SecOps in financial services
Next Post

Fintech Meetup 2025: Day 1 recap—Embedded finance, AI, and the future of lending

  Bobsguide is a Contentive business