Security News > 2025 > March > Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
2025-03-12 04:02
Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content such that it
News URL
https://thehackernews.com/2025/03/apple-releases-patch-for-webkit-zero.html
Related news
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Old Fortinet flaws under attack with new method its patch didn't prevent (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-11 | CVE-2025-24201 | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. | 8.8 |