Apple is urging iPhone users to download its latest iOS patch after the company identified a major security flaw. 

The fix is meant to protect Apple customers from an ‘extremely sophisticated attack’ that is exploiting a critical zero-day vulnerability.

The vulnerability, known as CVE-2025-24201, was found in Webkit – the browser engine employed in Safari and all other mobile internet browsers designed for iPhone or iPad.

Hackers exploited this loophole by crafting malicious websites that could grant them access to various parts of a smartphone beyond the victim’s web browser once these deceptive pages were visited.

Apple is urging users to download iOS 18.3.2, which is available now. 

Users should go to settings and check for the General Software Update.

The tech giant warned that the problem could impact anyone with the iPhone XS and later models.

Apple has warned that 9 of their products, including iPhones and iPads, need to be updated immediately to protect against potential hacking

Zero-day vulnerabilities are software flaws that are entirely new to the software developer, making it so there is no immediate fix available to address the issue when it is initially detected, allowing hackers to take advantage of them.

In a statement Tuesday, Apple said: ‘This is a supplementary fix for an attack that was blocked in iOS 17.2’

The tech giant added that the latest zero-day vulnerability in Webkit was likely used in a cyber attack on ‘specific targeted individuals,’ using Apple’s software updates which were older than iOS 17.2.

Apple released iOS 17.2 in December 2023. Since then, the company has moved to iOS 18, with several updates to their iPhone software coming out since its debut. So, anyone still using 17.2 was already several software updates behind.

The company has not said who was specifically targeted, how long the attacks lasted, or how Apple found out about the attacks. 

Apple does not believe the cybercriminals involved are targeting the company’s entire customer base. 

However, tech experts warned that everyone should still install the newest security updates since the attack could be devastating for anyone targeted. 

Apple also noted that the patch was released for iPad, including the iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later models, iPad Pro 11-inch 1st generation and later models, iPad Air 3rd generation and later models, and the iPad 7th generation and its later models.

The critical zero-day vulnerability could allow hackers to target Apple users with malicious websites that can take over their smartphones

The iPad mini 5th generation and later models, Mac computers running macOS Sequoia, and the Apple Vision Pro are at risk as well.

Anyone with these products is urged to check their device settings for the latest Apple software updates, including iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1.

This is the third zero-day vulnerability Apple has had to patch since the beginning of 2025. The first was discovered and patched by Apple in January and the second was caught just one month ago on February 10.

That incident involved many of the same iPhone models targeted in the latest security scare, with Apple again saying that the February incident was an ‘extremely sophisticated attack against specific targeted individuals.’

The difference in February was that the vulnerability allowed a hacker to physically disable a phone’s USB Restricted Mode while it was locked – meaning a criminal would have still needed access to their victim’s device to exploit this problem.

According to How-To Geek, the new zero-day vulnerability revolves around an out-of-bounds write issue affecting Apple’s web browsers.

This flaw in the software allows hackers to create malicious web content that can break out of the web content ‘sandbox’ and gain control of the victim’s iPhone or iPad.

In simpler terms, the flaw in Apple’s software created a way for hackers to sneak around the protective barriers which fence off the apps on your smart device.

Using phony webpages to break free of the protected zones in a smartphone, hackers were able to enter software areas outside the normal limits of the person’s web browser – taking over the phone.

In a recent interview, James Knight of DigitalWarfare.com said that regularly checking for software updates is one of the most important things you can do to protect yourself from software problems and hackers.

‘Update the phone, update the laptop, even update your smart fridge, patch everything,’ Knight told DailyMail.com.

‘Update regularly, your browser and your software. That’s really, really key.’