Update, Mar. 13, 2025: This story, originally published Mar. 12, now includes additional expert analysis on the flaw fixed in iOS 18.3.2 and in Google Chrome, as well as the news that Apple Intelligence is re-enabled for some users.
Apple has released iOS 18.3.2 and it comes with a warning to update your iPhone now. That’s because iOS 18.3.2 fixes a single but serious security issue already being used in real-life attacks.
Apple doesn’t provide much detail about what’s fixed in iOS 18.3.2, so iPhone users have time to update their devices before more attackers can get hold of the details. However, it’s clear the iPhone maker sees the single patch in iOS 18.3.2 as urgent, because it comes on its own and only a month after it released iOS 18.3.1.
Tracked as CVE-2025-24201, the flaw in WebKit, the engine that underpins the Safari browser, could allow maliciously crafted web content to break out of the Web Content sandbox.
The iOS 18.3.2 update is a supplementary fix for an attack that was blocked in iOS 17.2, Apple said on its support page. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2,” the iPhone maker added.
iOS 18.3.2 Fixes Serious Security Issue
On Feb. 10, Apple issued iOS 18.3.1, fixing a security issue that could allow devices to connect to your iPhone and steal data. The bug fixed in iOS 18.3.2 is in some ways more serious, because the vulnerability can be exploited by a remote attacker operating from anywhere in the world.
While this might sound scary, thankfully the vulnerability patched in iOS 18.3.2 has only been used in targeted attacks against specific people. This indicates a nation state-level adversary could have used the flaw for spying on individuals, so if you don’t fit the bracket of journalist, dissident or businesses operating in certain sectors, you don’t need to worry too much.
Apple Issues Other Updates Alongside iOS 18.3.2
Alongside iOS and iPadOS 18.3.2, Apple issued several other updates fixing the same issue. These include Safari 18.3.1 for its browser, macOS Sequoia 15.3.2 for Macs and visionOS 2.3.2 for the Apple Vision Pro headset.
Notably, Apple has not released an update for iOS 17, which is interesting because Apple says the flaw fixed in iOS 18.3.2 affects iOS 17.2 and before. Since this is a supplementary upgrade, it could mean the iPhone maker already deems the issue as patched in the previous iOS version. However, if you can update to iOS 18, it makes sense to upgrade your iPhone now.
Apple’s iOS 18.3.2 also fixes a bug that could prevent playback of some streaming content.
iOS 18.3.2 Auto-Enables Apple Intelligence, Again
But be warned, some users are saying the update auto-enabled Apple Intelligence again by default, according to a post on Reddit. Many users aren’t happy about Apple re-enabling its AI features by default, as it’s good practice to allow people to opt in to features, especially ones that require a lot of data to perform well.
You might want to turn it off and if so, you can read how to in my guide.
However, Jake Moore, global cybersecurity advisor at ESET, doesn’t find Apple’s move surprising. “Although it seems like a cheeky under-the-radar move by Apple to re-enable Apple Intelligence with an iOS update, it is their prerogative to apply the feature to better understand how users adopt it.”
He warns all users to check their settings after updating to iOS 18.3.2. “Similarly, some other settings on an iPhone may also turn back on after a software update. Common examples include location services, analytics, background app refresh and some notifications.”
Security Expert Provides More Detail About The Flaw Fixed in iOS 18.3.2
Security experts agree that the flaw fixed in iOS 18.3.2 is serious — and it goes beyond just Apple.
In fact, one day earlier, Google released an update for its Chrome browser for Mac, Windows and Linux addressing the same vulnerability, Joshua Long, Intego’s chief security analyst, wrote in a blog. Other Chromium-based browsers and apps have begun rolling out corresponding updates.
Google provided a few additional details in its release notes on Monday, where it rated the flaw, CVE-2025-24201, an out-of-bounds write in GPU on Mac, as having a high impact.
Google’s advisory revealed the vulnerability was reported by Apple Security Engineering and Architecture (SEAR) earlier in March. “Google is aware of reports that an exploit for CVE-2025-24201 exists in the wild,” the tech giant wrote.
Long points out that iOS 18.3.2 sees Apple patch a 2023 vulnerability in 2025. “Notably, Apple points out that the flaw was exploited before iOS 17.2. Apple released that iOS update on Dec. 11, 2023 — well over a year ago,” he writes.
Another interesting observation is that Apple’s releases from Jan. 2025, including iOS 18.3 and macOS Sequoia 15.3, also addressed a security vulnerability, CVE-2025-24085, that “may have been actively exploited against versions of iOS before iOS 17.2,” says Long. “Apple technically did not credit any particular researcher for that flaw, but also did not state that the vulnerability was reported anonymously,” he says.
This makes it appear that Apple discovered and patched both of these flaws more than a year after they were first exploited.
Patching flaws so long afterwards could be taking place because the iPhone maker is boosting its security credentials, says Long. “Perhaps an internal team at Apple has been spending time reverse engineering past nation-state level attack chains, in an effort to further harden its operating systems against similar attacks,” he suggests.
Apple has not released any watchOS or tvOS updates. “Despite the fact WebKit is an underlying technology in all of Apple’s operating systems, it’s unclear whether CVE-2025-24201 may be exploitable on watchOS or tvOS,” Long says.
Perhaps most intriguing is the fact that Apple didn’t release iOS 17 updates alongside the iOS 18.3.2 upgrade, Long says, “Notably, Apple chose not to patch CVE-2025-24201 for iPadOS 17 this week — even though the flaw clearly affects that OS. Until now, Apple has been releasing partial security patches for the previous iPad operating system, specifically for devices that are incompatible with iPadOS 18.”
Why You Should Update Now To iOS 18.3.2
It’s true the issue fixed in iOS 18.3.2 was used in targeted attacks. However, it’s only a matter of time before the flaw is taken advantage of by other adversaries. That makes it important that all iPhone users update to iOS 18.3.2 as soon as possible.
Adam Boynton, senior security strategy manager EMEIA at Jamf, says it’s “essential that all iOS users update to iOS 18.3.2, as the fix addresses a flaw that has been actively exploited by cybercriminals.”
Vulnerabilities in WebKit should be patched quickly, because it is the framework that powers Safari and renders other web-based content, says Boynton. “In this particular flaw, attackers were able to use maliciously crafted web content to escape the iOS Web Content sandbox. Breaking out of a sandbox allows an attacker to access data in other parts of the operating system,” he warns.
Although the original attack was described as an “extremely sophisticated exploit targeting specific individuals”, cybercriminals will attempt to compromise devices that have not been updated, Boynton says. Therefore, he strongly recommends that users install iOS 18.3.2 “immediately.”
Sylvain Cortes, VP strategy at Hackuity, agrees. “The flaw poses a significant risk to users of older versions of the operating system, particularly those released before iOS 17.2,” Cortes says, adding that he “highly encourage users to update their devices to iOS 18.3.2 as soon as possible to maintain the security and privacy of their data.”
Apple’s iOS 18.3.2 and iPadOS 18.3.2 are available for the iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
So what are you waiting for? Go to Settings > General > Software Update and update to iOS 18.3.2 now.