Apple released a security update to fix a zero-day vulnerability (CVE-2025-24201) in the WebKit browser engine, exploited in sophisticated attacks. The flaw, an out-of-bounds write, could allow attackers to break out of the Web Content sandbox using malicious web content. Apple improved checks to mitigate the issue, which affected iOS, iPadOS, macOS, Safari, and visionOS. This marks the third actively exploited zero-day Apple has addressed in 2025, alongside CVE-2025-24085 and CVE-2025-24200.

‍