CVE-2025-24201 Exploitation: Apple Fixes the WebKit Zero-Day Vulnerability Used in Sophisticated Attacks

CVE-2025-24201 Exploitation

Hot on the heels of the exploitation attempts against a medium-severity vulnerability in Espressif ESP32 Bluetooth chips, which ship in over 1 billion devices, another security issue in a widely used product poses a growing threat to organizations and individual users worldwide: this time in WebKit, the cross-platform browser engine. Tracked as CVE-2025-24201, the newly disclosed zero-day lets adversaries use specially crafted web content to escape the Web Content sandbox, and Apple reports that it may already have been exploited in highly sophisticated attacks.

As cyber threats grow in complexity, GitHub data shows that by the end of 2024 security researchers were uncovering an average of 115 new CVEs per day. Meanwhile, Verizon's analysis indicates that vulnerability exploitation accounted for 14% of breaches, almost triple the rate observed in 2023.

Register for SOC Prime Platform for collective cyber defense to stay on top of emerging threats. The Platform aggregates the world's largest collection of Sigma rules enriched with real-time CTI and backed by a complete product suite for AI-powered detection engineering and automated, advanced threat hunting.

Hit the Explore Detections button below and immediately access a broad stack of context-enriched detections already filtered by the “CVE” tag so you won’t miss any evolving threat potentially challenging your business.

Explore Detections

All the rules are compatible with 40+ SIEM, EDR, and Data Lake technologies, and mapped to MITRE ATT&CK® to streamline threat investigation. Additionally, each rule is enriched with extensive metadata, including CTI references, attack timelines, audit configurations, triage recommendations, and more. 

CVE-2025-24201 Analysis

A novel zero-day flaw (CVE-2025-24201) was discovered in WebKit, the cross-platform browser engine that powers Safari and many other apps and browsers on macOS, iOS, Linux, and Windows. According to the vendor, CVE-2025-24201 can be weaponized via maliciously crafted web content to break out of the Web Content sandbox, the process that renders untrusted pages. The zero-day affects a wide range of devices, including iPhone XS and later, various iPad models, Macs running macOS Sequoia, and Apple Vision Pro.

In response to reports that CVE-2025-24201 may have been exploited in highly sophisticated attacks against specific targeted individuals running iOS versions prior to 17.2, Apple rolled out emergency security updates to address the zero-day. Apple describes the flaw as an out-of-bounds write that it fixed with improved checks to prevent unauthorized actions, and notes that the update is a supplementary fix for an attack that was already blocked in iOS 17.2. The patched releases are visionOS 2.3.2, iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, and Safari 18.3.1.
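The fixed versions above are easy to misread in a fleet inventory, because a version string that is lower than the listed release is not always vulnerable (a Mac on Sonoma can be fixed through Safari 18.3.1 alone) and a higher one (a later point release) is fine. The following Python check is an added example written for this post; it is not SOC Prime or Apple tooling. It records the fix versions as they appear above, compares versions numerically rather than as strings, and treats macOS releases before Sequoia as fixed only when Safari is at 18.3.1 or later, which is an assumption drawn from Apple's separate Safari release rather than something stated in the post. The `sw_vers` output it parses is constructed sample data, and `is_patched`, `check_sw_vers` and `FIXED_VERSIONS` are names chosen here.

```python
"""Check whether reported Apple OS / Safari versions carry the
CVE-2025-24201 fix. Added example; not SOC Prime or Apple tooling."""
import re

# Fix versions as listed in the post (Apple, March 2025). Apple may later
# publish backports for older OS lines, so read "not patched" as
# "not at a listed fixed release: verify against Apple's current advisory".
FIXED_VERSIONS = {
    "iOS": (18, 3, 2),
    "iPadOS": (18, 3, 2),
    "macOS": (15, 3, 2),   # Sequoia line only; see is_patched()
    "visionOS": (2, 3, 2),
    "Safari": (18, 3, 1),
}

def parse_version(text):
    """'18.3.1' -> (18, 3, 1); '18.4' -> (18, 4, 0). Rejects anything else."""
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def is_patched(product, version, safari_version=None):
    """True if product/version is at or above the listed fix release.

    macOS is the edge case: only Sequoia (15.x) got an OS-level fix. Older
    macOS lines are judged by the standalone Safari release instead
    (assumption: Safari 18.3.1 carries the WebKit fix for them). Without a
    Safari version we cannot tell, so we report unpatched.
    """
    if product not in FIXED_VERSIONS:
        raise KeyError(f"no fix version recorded for {product!r}")
    v = parse_version(version)
    if product == "macOS" and v[0] < 15:
        if safari_version is None:
            return False
        return parse_version(safari_version) >= FIXED_VERSIONS["Safari"]
    return v >= FIXED_VERSIONS[product]

def check_sw_vers(output, safari_version=None):
    """Parse `sw_vers` output from a Mac and return (product, version, patched)."""
    name = ver = None
    for line in output.splitlines():
        key, _, val = line.partition(":")
        if key.strip() == "ProductName":
            name = val.strip()
        elif key.strip() == "ProductVersion":
            ver = val.strip()
    if name is None or ver is None:
        raise ValueError("sw_vers output missing ProductName/ProductVersion")
    product = "macOS" if name.startswith("macOS") else name
    return product, ver, is_patched(product, ver, safari_version)

# Constructed sample `sw_vers` output (not captured from a real host).
SAMPLE_SW_VERS = "ProductName:\t\tmacOS\nProductVersion:\t\t15.3.1\nBuildVersion:\t\t24D70\n"

if __name__ == "__main__":
    print(check_sw_vers(SAMPLE_SW_VERS))            # ('macOS', '15.3.1', False)
    print(is_patched("iOS", "18.3.2"))               # True
    print(is_patched("iOS", "18.4"))                 # True, later release
    print(is_patched("macOS", "14.7.4", "18.3.1"))   # True via Safari
    print(is_patched("macOS", "14.7.4"))             # False, cannot tell
```

On a real Mac the input would come from `sw_vers`, and the Safari version from the Safari.app bundle's `CFBundleShortVersionString`; on iOS and iPadOS the same comparison applies to the version your MDM reports. Keep the tuple comparison rather than a string comparison: `"18.10" < "18.3"` as strings, but `(18, 10, 0) > (18, 3, 2)` as versions.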

Therefore, the primary CVE-2025-24201 mitigation is to install these security updates promptly and confirm that every device in the fleet is at or above the fixed versions, which minimizes the window for any ongoing exploitation. With zero-days and real-world exploitation attempts on the rise, forward-looking organizations are striving to defend proactively against intrusions. SOC Prime Platform for collective cyber defense helps individual researchers and enterprises across industries outscale cyber threats and strengthen their cybersecurity posture while adopting a future-proof strategy based on privacy-first and zero-trust approaches.

The post CVE-2025-24201 Exploitation: Apple Fixes the WebKit Zero-Day Vulnerability Used in Sophisticated Attacks appeared first on SOC Prime.