Full Report
iOS 18.3.2 patches actively exploited WebKit flaw, addressing critical security risks for users
Analysis Summary
# Vulnerability: Actively Exploited WebKit Sandbox Escape in iOS
## CVE Details
- CVE ID: CVE-2025-24201
- CVSS Score: Not specified in detail, but described as a **critical** WebKit vulnerability that has been **actively exploited**.
- CWE: Not specified.
## Affected Systems
- Products: iOS, iPadOS
- Versions: Versions prior to iOS 18.3.2 and iPadOS 18.3.2 (and likely prior to the initial fix in iOS 17.2 if the supplementary patch in 18.3.2 addresses a persistence of the issue).
- Configurations: Any system running vulnerable versions running Safari or other apps processing web content.
## Vulnerability Description
The vulnerability is a critical flaw within the WebKit framework that allowed a maliciously crafted piece of web content to successfully break out of the Web Content sandbox. This sandbox escape could lead to significant security compromises on the affected devices. Apple noted this vulnerability was used in sophisticated attacks targeting specific individuals before the initial patch in iOS 17.2.
## Exploitation
- Status: **Actively exploited in the wild** (Zero-day, as it was used prior to the patch release).
- Complexity: Implied **High** due to its use in "highly sophisticated attack targeting specific individuals."
- Attack Vector: **Network** (via malicious web content delivered through Safari or other web-enabled applications).
## Impact
- Confidentiality: High (Sandbox escape often leads to arbitrary code execution/data theft)
- Integrity: High (Ability to modify system state or data)
- Availability: Moderate to High (Depending on subsequent exploitation capability)
## Remediation
### Patches
- **iOS 18.3.2**
- **iPadOS 18.3.2**
### Workarounds
- Explicit workarounds are not detailed, but the strong recommendation is immediate patching.
## Detection
- Detection methods are not specified in detail, but the primary indicator of compromise is the successful exploitation of this flaw, potentially leading to unauthorized access or changes on the device.
- Users are strongly advised to check if their device software version is up to date.
## References
- Vendor Advisory: Apple Security Update reference implied via the release of iOS/iPadOS 18.3.2.
- Relevant links:
- hxxps://www.infosecurity-magazine.com/news/ios-1832-patches-exploited-webkit/