Subj : Apple fixes dangerous zero-day used in attacks against iPhones an
To   : All
From : TechnologyDaily
Date : Wed Mar 12 2025 14:15:08

Apple fixes dangerous zero-day used in attacks against iPhones and iPads

Date: Wed, 12 Mar 2025 14:00:00 +0000

Description: Apple uncovered a new out-of-bounds vulnerability and fixed it with improved checks.

FULL STORY
======================================================================

Apple released a new fix for iOS and iPadOS
It solves a zero-day used in "extremely sophisticated" attacks
This is the third zero-day addressed this year

Apple has released a new patch for iOS and iPadOS addressing a vulnerability abused in extremely sophisticated attacks.

In a security advisory published earlier this week, the company said it recently uncovered an out-of-bounds write issue in WebKit, its cross-platform web browser engine. WebKit is used by Apple's browser, Safari, as well as other apps and browsers on macOS, iOS, Linux, and Windows.

The vulnerability is tracked as CVE-2025-24201, and can be used to break out of the Web Content sandbox through custom-built web content. It is yet to be assigned a severity score.

Apparently, the vulnerability was fixed in iOS 17.2, but can still be exploited in older models:

"This is a supplementary fix for an attack that was blocked in iOS 17.2," Apple said in the advisory. "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2."

The bug was fixed with improved checks, thus preventing unauthorized actions. The first clean versions are iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1.

According to CyberInsider, the patch applies to a broad range of Apple devices such as iPhones (XS and later), iPads (Pro, Air, mini, and standard models from the 3rd generation onward), and macOS Sequoia-powered devices.

It's Apple's standard practice to withhold details about the vulnerability until the majority of endpoints have been patched. Therefore, we don't know who the threat actors behind this extremely sophisticated attack are, or who the victims were.

BleepingComputer reports that this is the third zero-day vulnerability Apple fixed this year, after the January CVE-2025-24085, and February CVE-2025-24200. Last year, the company addressed six zero-day vulnerabilities in total.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/apple-fixes-dangerous-zero-day-used-in-attacks-against-iphones-and-ipads

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)