Reminder: Apple issued a critical update for iPhones and Macs this week

If you’ve got a to-do list this weekend, we’ve got one more item for it: update your iPhone, iPad, and Mac. An update was released this week that patches a vulnerability first spotted way back in December 2023.

According to Apple’s release notes, the fix affects iOS 18, iPadOS 18, macOS 15, and visionOS 2, as well as Safari 18 for macOS Ventura and macOS Sonoma users. The release notes say the updates include unknown bug fixes, but the big reason to update is a single security update across all devices:

Impact: Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.)

Description: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions.

WebKit Bugzilla: 285858

CVE-2025-24201: Apple

Apple is credited with discovering the flaw, which was initially patched on December 11, 2023, with iOS 17.2 and macOS Sonoma 14.2. It’s unclear which WebKit patch fixed the original vulnerability.

So far this year, Apple has fixed three zero-days, which are defined as flaws that were previously unknown. While Apple’s language implies this threat was used in targeted attacks, you should definitely update your devices if you haven’t already.