Apple has released urgent security updates to address a vulnerability CVE-2025-24201, affecting its products, including iOS, iPadOS, macOS Sequoia, VisionOS and Safari. If exploited, this vulnerability could allow an attacker to gain control of an affected device.

Security Risks

Successful exploitation of CVE-2025-24201, could allow attackers to bypass the Web Content sandbox, a critical security feature designed to protect users from malicious content. This could lead to unauthorized access to devices, enabling attackers to perform harmful actions and potentially compromise system security and sensitive data.

For the full list of security updates released by Apple, please refer to Apple security releases.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

1. Upgrade, as soon as possible, to the latest supported version of installed Apple software in order to continue receiving technical support and security patches.

The following software versions are available for upgrade:

• iOS 18.3.2 and iPadOS 18.3.2: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

• Safari 18.3.1: for macOS Ventura and macOS Sonoma.

• macOS Sequoia 15.3.2: for macOS Sequoia.

• VisionOS 2.3.2:  for Apple Vision Pro.

2. Enable background updates or automatic updates

3. Before any update task, ensure you have backup for your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://support.apple.com/en-us/100100