Apple has patched its third zero-day flaw of the year with a new emergency security update for iPhones, iPads, Macs and its other devices.
As reported by BleepingComputer, the vulnerability (tracked as CVE-2025-24201) was discovered in the WebKit cross-platform browser engine used in Safari and many other of the company’s apps across iOS, macOS and its other platforms.
The reason this particular zero-day stands out from the rest discovered this year is that it was reportedly used in “an extremely sophisticated attack” according to a security bulletin put out by Apple. If exploited using maliciously crafted web content, this flaw could allow hackers to break out of WebKit’s protective sandbox and access other parts of your iPhone or Mac’s operating system.
Here’s everything you need to know about this new zero-day including which Apple devices are impacted along with some tips and tricks on how you can keep your iPhone, Mac, iPad and even your Vision Pro headset safe from hackers.
Impacted Apple devices
Just like it usually does, Apple is holding back most of the details regarding this flaw including who discovered it and which individuals were targeted in the extremely sophisticated attack that exploited it. The reason for this is that the company wants to give its customers plenty of time to patch their devices.
Since this zero-day was discovered in WebKit, the list of impacted devices is quite long, especially as both new and older Apple devices are vulnerable, including:
- iPhone XS and later
- Macs running macOS Sequoia
- iPad Pro 13-inch
- iPad Pro 12.9-inch (3rd gen and later)
- iPad Pro 11-inch (1st gen and later)
- iPad (7th gen and later)
- iPad mini (5th gen and later)
- Apple Vision Pro
If you have any of these devices and if you’re an Apple user chances are you do, you’re going to want to download and install the company’s latest emergency security update as soon as possible.
Even though that extremely sophisticated attack likely targeted high-value individuals like CEOs and government officials, hackers usually start at the top and work their way down when it comes to using a zero-day like this in their attacks.
How to keep your iPhone and Mac safe from hackers
Apple devices may be known for being safer than their Android and Windows counterparts but now that they’ve become increasingly popular, hackers are going out of their way to target them.
For this reason, you want to download and install any security updates that Apple releases as soon as they become available. Hackers love to go after low-hanging fruit and in this case, that means users who haven’t updated their devices yet even though a patch is available.
As for staying safe from hackers, practicing good cyber hygiene will only get you so far which is why I recommend using one of the best Mac antivirus software solutions for extra protection. There’s no iPhone equivalent to the best Android antivirus apps but Intego’s antivirus software for Mac can scan your iPhone or iPad for malware when connected to a Mac via USB cable.
Just like Google and Microsoft do, Apple fixes a ton of new zero-day flaws each year. Last year there were only six of them but back in 2023, it patched a total of 20 zero-days exploited in attacks. This is why it’s of the utmost importance that you take the time to update your Apple devices when new security updates are released.
More from Tom's Guide
