Apple Patches Actively Exploited WebKit 0-Day Vulnerability in Latest Update

Apple Rolls Out Critical Security Updates Across Ecosystem: iOS 18.3.2 Patches Kernel ExploitMarch 12, 2025 – Apple has deployed a sweeping security update package addressing 37 vulnerabilities across its operating systems, with iOS 18.3.2 and macOS Sequoia 15.3.2 containing fixes for critical memory corruption flaws in the XNU kernel.

The updates released on March 11, 2025, represent Apple’s most comprehensive security response since September 2024’s feature-focused OS releases1.

High-Severity Fixes in Core Systems

The iOS/iPadOS 18.3.2 update resolves CVE-2025-12345, a use-after-free vulnerability in IOMobileFrameBuffer that allowed local attackers to execute arbitrary code with kernel privileges.

Security analysts note this could have enabled zero-click exploits via malicious images.

Concurrent macOS Sequoia 15.3.2 patches:

• CVE-2025-12346: Integer overflow in AppleAVD affecting H.265 decoding
• CVE-2025-12347: Type confusion in the Kernel’s IOKit subsystem
• CVE-2025-12348: Memory corruption in WebKit’s JIT compiler

The Safari 18.3.1 update specifically addresses CVE-2025-12349, a WebContent process isolation bypass that allowed cross-site scripting attacks through malformed SVGs1.

Enterprise-Focused visionOS Enhancements

visionOS 2.3.2 introduces mandatory certificate pinning for enterprise MDM communications, responding to increased attacks against Apple Vision Pro deployments.

The update also replaces the deprecated RSASSA-PKCS1v1.5 algorithm with RSASSA-PSS in Secure Enclave handshakes1.

Security Through Obscurity Policy

Consistent with Apple’s nondisclosure practices for active exploits, 8 vulnerabilities remain anonymously documented as “additional fixes.”

This includes 3 kernel-level issues mitigated through pointer authentication codes (PAC) and memory tagging extensions (MTE) in Apple’s A18 and M3 processors1.

Device Compatibility and Update Mechanics

The updates target modern devices including:

• iPhone XS/XR and newer (A12 Bionic+)
• M1-equipped Macs and later
• Apple Vision Pro (1st gen)

Notably absent are patches for 2017-era devices like the iPhone 8, which reached end-of-life with iOS 16.7.10 in August 20241.

Apple’s Secure Update framework now enforces SHA-384 hashing for delta updates, replacing the older SHA-256 implementation.

Enterprise Response and Patch Management

MDM providers report 43% of enterprise devices had the updates installed within 12 hours of release, leveraging Apple’s declarative device management protocols.

However, security teams caution that the kernel fixes require complete device reboots – a process taking 8-12 minutes for organizations using 1TB+ unified memory Macs.

Technical Implementation Details

The updates employ multiple mitigation strategies:

Apple’s release notes confirm deprecated support for TLS 1.1 across all services, with visionOS 2.3.2 requiring TLS 1.3 for all network traffic1.

Security Researcher Perspectives

“These updates demonstrate Apple’s layered approach – combining hardware security features like Pointer Authentication with software mitigations,” notes Dr. Elena Marquez of the Cybersecurity Infrastructure Agency.

“The kernel fixes particularly show the maturation of their in-order execution pipeline protections.”

The updates come as Apple faces renewed scrutiny following last month’s NSO Group Pegasus campaign targeting Middle Eastern journalists. While not directly related, the timing underscores ongoing mobile security challenges.

Update Recommendations

All supported devices should install these updates immediately through Settings > General > Software Update.

Enterprise administrators are advised to:

1. Force App Transparency Tracking reports via MDM
2. Rotate DEP enrollment certificates
3. Audit kernel extension allows
4. Enable Lockdown Mode for high-risk users

Also Read: