March 20, 2025

CVE-2025-24201 on iOS


Lookout Coverage and Recommendation for Admins

To ensure your devices are protected, Lookout admins should take the following steps in their Lookout console:

  • Set the default OS Out of Date policy to enforce a minimum iOS version of 18.3.2 on all devices.
  • Choose whether to immediately warn or block non-compliant devices from accessing work apps and data until their OS is updated.
  • If your risk policies allow for a grace period, configure the policy to escalate in severity and restrict the user progressively over a short window that aligns with your policies.

Overview 

CISA recently provided guidance for CVE-2025-24201, an out-of-bounds write issue in WebKit, the browser engine used by Apple's Safari and by every browser on iOS and iPadOS. The issue affects Apple devices running visionOS, iOS, iPadOS, macOS, and Safari. Apple reports that it may have been exploited in a sophisticated attack against specific targeted individuals on versions of iOS before 17.2, and describes the patch as a supplementary fix for that attack. Maliciously crafted web content (HTML, JavaScript) delivered through a web page could trigger the flaw in WebKit, potentially leading to unauthorized actions on the device. The issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, and Safari 18.3.1.
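The minimum-version policy from the admin steps above reduces to one check: is each device's reported OS at or above the first fixed build for its platform? The following is an added example, not code from Lookout's console or from Apple; it uses the fixed versions listed in this overview, a constructed device inventory, and a hypothetical grace-period parameter to show how a warn-then-block policy and a correct version comparison fit together. Note that comparing version strings lexicographically is a common bug (as strings, "18.10" sorts below "18.3"), so versions are parsed into integer tuples first, and unparseable input fails closed.

```python
"""Minimum-OS compliance check for CVE-2025-24201 (added example, not Lookout code).

Evaluates a device inventory against the fixed versions from Apple's advisory
and emits one record per device that an MDM, SIEM or SOAR pipeline could act on.
The inventory and device identifiers below are constructed for illustration.
"""
import json
from dataclasses import dataclass

CVE = "CVE-2025-24201"

# First fixed version per platform, as listed in the overview above.
FIXED_VERSIONS = {
    "iOS": "18.3.2",
    "iPadOS": "18.3.2",
    "macOS": "15.3.2",
    "visionOS": "2.3.2",
}


def parse_version(text: str) -> tuple[int, ...]:
    """'18.3.2' -> (18, 3, 2); '18.3' -> (18, 3, 0).

    Comparing tuples of ints avoids the string-comparison trap where
    '18.10' < '18.3'. Raises ValueError on anything that is not dotted digits.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def is_patched(platform: str, os_version: str) -> bool:
    """True if os_version is at or above the first fixed build for platform."""
    fixed = FIXED_VERSIONS.get(platform)
    if fixed is None:
        raise ValueError(f"no fixed version known for platform {platform!r}")
    return parse_version(os_version) >= parse_version(fixed)


@dataclass
class Device:
    device_id: str   # hypothetical identifier, not a real device field
    platform: str
    os_version: str


def evaluate(device: Device, grace_days_remaining: int) -> dict:
    """Decide allow / warn / block for one device.

    Mirrors the admin steps above: an unpatched device is warned while grace
    days remain and blocked once they run out. Unparseable or unknown input
    fails closed (block) rather than silently passing as compliant.
    """
    record = {
        "cve": CVE,
        "device_id": device.device_id,
        "platform": device.platform,
        "os_version": device.os_version,
    }
    try:
        patched = is_patched(device.platform, device.os_version)
    except ValueError as exc:
        record.update(action="block", reason=str(exc))
        return record
    if patched:
        record.update(action="allow", reason="at or above fixed version")
    elif grace_days_remaining > 0:
        record.update(action="warn",
                      reason=f"unpatched; {grace_days_remaining} grace day(s) left")
    else:
        record.update(action="block", reason="unpatched; grace period expired")
    return record


def evaluate_fleet(devices, grace_days_remaining: int) -> list:
    """Evaluate every device; returns one record per device, in input order."""
    return [evaluate(d, grace_days_remaining) for d in devices]


# Constructed inventory for illustration; not real device data.
SAMPLE_FLEET = [
    Device("d-001", "iOS", "18.3.2"),
    Device("d-002", "iOS", "18.3.1"),
    Device("d-003", "iOS", "18.4"),
    Device("d-004", "iPadOS", "17.7.5"),
    Device("d-005", "macOS", "15.3.2"),
    Device("d-006", "visionOS", "2.3.1"),
    Device("d-007", "iOS", "18.3.2 (beta)"),   # malformed: fails closed
]

if __name__ == "__main__":
    # One JSON line per device, the shape a SIEM or SOAR ingest would expect.
    for rec in evaluate_fleet(SAMPLE_FLEET, grace_days_remaining=0):
        print(json.dumps(rec))
```

Run with the grace period at zero to see the block decisions, or pass a positive number of days to see the same unpatched devices downgraded to warnings; the malformed version string is blocked either way, because a compliance check should never treat input it cannot parse as compliant.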

CISA has added the CVE to its Known Exploited Vulnerabilities catalog and requires federal civilian executive branch agencies to patch vulnerable devices by April 3, 2025. While CISA's deadline binds only those agencies, enterprise organizations should follow the same guidance and devise an update plan of their own, with a deadline for employees to update to the latest versions of Apple's operating systems.

Lookout Analysis

Software, regardless of who develops it, is rarely without flaws. Apple's control over both its hardware and software creates a less diverse ecosystem, which reduces the number of ways exploitable code can enter it, but its devices are not invulnerable.

This incident, like similar ones before it, shows how important it is to have visibility into vulnerable devices across your mobile fleet, just as you do for laptops, desktops, and other connected endpoints. Elevating mobile vulnerability data to the level of your existing EDR strategy strengthens your overall protection. To act on it, security teams should use mobile EDR to feed device and app vulnerability data into their SIEM, SOAR, or XDR solution, so that an out-of-date OS raises the same alerts and triggers the same workflows as an unpatched laptop.

Authors

Lookout

Cloud & Endpoint Security

Lookout, Inc. is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack. Data is at the core of every organization, and our approach to cybersecurity is designed to protect that data within today’s evolving threat landscape no matter where or how it moves.

Entry Type
Threat Guidances
Threat Type
Vulnerability
Platform(s) Affected
iOS