Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now

Apple iPhone 16 Plus Review.
(Image credit: Tom's Guide)

Apple has patched its third zero-day flaw of the year with a new emergency security update for iPhones, iPads, Macs and its other devices.

As reported by BleepingComputer, the vulnerability (tracked as CVE-2025-24201) was discovered in the WebKit cross-platform browser engine used in Safari and many other of the company’s apps across iOS, macOS and its other platforms.

The reason this particular zero-day stands out from the rest discovered this year is that it was reportedly used in “an extremely sophisticated attack” according to a security bulletin put out by Apple. If exploited using maliciously crafted web content, this flaw could allow hackers to break out of WebKit’s protective sandbox and access other parts of your iPhone or Mac’s operating system.

Here’s everything you need to know about this new zero-day including which Apple devices are impacted along with some tips and tricks on how you can keep your iPhone, Mac, iPad and even your Vision Pro headset safe from hackers.

Impacted Apple devices

iPad Pro 2022

(Image credit: Tom's Guide)

Just like it usually does, Apple is holding back most of the details regarding this flaw including who discovered it and which individuals were targeted in the extremely sophisticated attack that exploited it. The reason for this is that the company wants to give its customers plenty of time to patch their devices.

Since this zero-day was discovered in WebKit, the list of impacted devices is quite long, especially as both new and older Apple devices are vulnerable, including:

  • iPhone XS and later
  • Macs running macOS Sequoia
  • iPad Pro 13-inch
  • iPad Pro 12.9-inch (3rd gen and later)
  • iPad Pro 11-inch (1st gen and later)
  • iPad (7th gen and later)
  • iPad mini (5th gen and later)
  • Apple Vision Pro

If you have any of these devices and if you’re an Apple user chances are you do, you’re going to want to download and install the company’s latest emergency security update as soon as possible.

Even though that extremely sophisticated attack likely targeted high-value individuals like CEOs and government officials, hackers usually start at the top and work their way down when it comes to using a zero-day like this in their attacks.

How to keep your iPhone and Mac safe from hackers

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

(Image credit: robert coolen/Shutterstock)

Apple devices may be known for being safer than their Android and Windows counterparts but now that they’ve become increasingly popular, hackers are going out of their way to target them.

For this reason, you want to download and install any security updates that Apple releases as soon as they become available. Hackers love to go after low-hanging fruit and in this case, that means users who haven’t updated their devices yet even though a patch is available.

As for staying safe from hackers, practicing good cyber hygiene will only get you so far which is why I recommend using one of the best Mac antivirus software solutions for extra protection. There’s no iPhone equivalent to the best Android antivirus apps but Intego’s antivirus software for Mac can scan your iPhone or iPad for malware when connected to a Mac via USB cable.

Just like Google and Microsoft do, Apple fixes a ton of new zero-day flaws each year. Last year there were only six of them but back in 2023, it patched a total of 20 zero-days exploited in attacks. This is why it’s of the utmost importance that you take the time to update your Apple devices when new security updates are released.

More from Tom's Guide

TOPICS
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
iPhone 16 Pro shown held in hand
Apple just patched its first zero-day flaw of the year — update your iPhone and Mac right now
Apple iPhone 16 held in the hand.
iOS 18.3.1 — update your iPhone right now to fix critical zero-day vulnerability
MacBook Pro 16-inch 2021 sitting on a patio table
Critical macOS flaw puts your data and cameras at risk — update right now
A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.
Mac and iPhone users beware — Apple processors can be exploited to steal sensitive information
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Google Pixel 9 held in the hand.
Google just fixed a zero-day kernel flaw used by hackers and 47 other vulnerabilities — update your Android phone right now
Latest in Online Security
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Latest in News
A TV with the Netflix logo sits behind a hand holding a remote
Netflix is rolling out a big video quality upgrade — what you need to know
Choi Hyun-Wook, Hong Kyung, and Park Ji-hoon in "Weak Hero Class 1" now streaming on Netflix
This action-packed K-drama is now streaming on Netflix — and now’s the time to binge-watch before season 2
OnePlus 13 back, leaning against blue wall
OnePlus 13T could come with an even bigger battery than OnePlus 13 — this is incredible
Apple Watch Ultra 2
Apple Watch Ultra 3 just tipped for two major upgrades
NYTimes Connections
NYT Connections today hints and answers — Tuesday, March 25 (#653)
A nervous woman looking at her phone
Is ChatGPT making us lonely? MIT/OpenAI study reveals possible link