Apple has released several updates with a supplementary fix for an attack that the company says was blocked in iOS 17.2. These include iOS 18.3.2 and iPadOS 18.3.2, macOS 15.3.2 Sequoia, visionOS 2.3.2, and Safari 18.3.1 for macOS 13 Ventura and macOS 14 Sonoma. (Apple also released tvOS 18.3.1 to fix a bug that may prevent playback of some streaming content on the 3rd-generation Apple TV 4K. It has no security release notes and may not have needed the supplementary fix.)
The updates prevent maliciously crafted Web content from breaking out of the Web Content sandbox and kicking sand in the faces of Apple users everywhere. The original vulnerability was exploited in what Apple describes as an âextremely sophisticatedâ attack against specific targeted individuals on versions of iOS before iOS 17.2.
Apple identifies this latest vulnerability as CVE-2025-24201. Apple filing a CVE is unusual, as the company typically only acknowledges external researchers and organizations while remaining silent about vulnerabilities discovered internally.
Given Appleâs reference to the attack being blocked over a year ago, I spent some time trying to piece together what may have taken place. Data points include:
iOS 17.2, released on 11 December 2023, fixes four WebKit vulnerabilities to block maliciously crafted Web content. However, Apple does not describe any of these vulnerabilities as capable of escaping the Web Content sandbox. Nor does Apple use language indicating that a zero-day vulnerability is being exploited. See âAppleâs End-of-Year OS Updates Add Promised Features, Security Updatesâ (11 December 2023).
iOS 17.2.1, released on 19 December 2023, has no published CVE entries and thus no security release notes. However, it was accompanied by updates to iOS 16.7.4 and iPadOS 16.7.4, macOS Sonoma 14.2.1, and Safari 17.2.1 for the two previous versions of macOS. Of the releases, only macOS 14.2.1 has any security release notes, but they detail a Screen Sharing vulnerability (see âApple Releases macOS 14.2.1, iOS 17.2.1, iOS 16.7.4, and iPadOS 16.7.4,â 19 December 2023).
In the release notes for Google Chrome 134.0.6998.88/.89, Google credits Apple Security Engineering and Architecture for CVE-2025-24201. Google characterizes the vulnerability as âOut of bounds write in GPU on Mac,â saying it âis aware of reports that an exploit for CVE-2025-24201 exists in the wild.â
In other words, despite Appleâs statement, I donât think iOS 17.2 blocks the âextremely sophisticated attack against specific targeted individuals.â When I combine the lack of release notes for iOS 17.2.1 with the release of Safari 17.2.1 (suggesting a WebKit vulnerability) and the late December release date, I believe that this second set of releases was aimed at rebuilding the Web Content sandbox, but Apple could stay quiet about the details because it discovered the problem internally. Perhaps Apple was speaking loosely by including iOS 17.2.1 when it said that versions of iOS before iOS 17.2 were affected.
I suspect that Apple would have quietly integrated this fix into its next set of updates, except that it also affected Google Chrome. That required going public and filing a CVE, and once that had happened, Apple had no choice but to release these updates immediately to ensure that its current operating systems werenât vulnerable.
Practically speaking, I think itâs important to update, but not in panic mode. Although this supplementary fix is associated with a zero-day exploit, it occurred over a year ago and was used against âspecific targeted individuals,â so the vulnerability is probably not the sort of thing that would be leveraged in malware against everyday Apple users in the next few days. Install the updates as soon as itâs convenient, and stay safe out there.
A word of warning to all those who prefer to keep Apple Intelligence switched off. Itâs been reported that both the macOS 15.3.2 and the iOS 18.3.2 update turn it back on. After installing the update, make sure to switch it back off.
Apple Intelligence remained Off following the macOS 15.3.2 install (thanks, Simon, for the heads up though)
One thing I think I may be able to pin on the update is Finder + Spotlight have become very sluggish since the update⌠taking abnormally long to respond to mundane tasks (e.g., copying/moving/creating/saving even small documents & folders, including increased time dragging URL.weblocâs from Safari into Finder
⌠this on my 2024 Mac mini M4
Updated. Interesting. My iPad mini does not seem to have Apple Intelligence. Siri is still off and always has been. Maybe that had an affect. Thanks though.
I installed the MacOS 15.3.2 update without trouble, but for the first time I had to enter the password for my Wi-Fi network after the update finished. It connected to my network just fine, but Iâve never had to do this with a MacOS update. Interesting.
TIP: It appears you can block Apple Intelligence/Siri from enabling itself after an update on macOS by changing the Language setting (to something that does not match your system Language).
I saw this mentiond somewhere last month and it worked when I allowed the 15.3.2 update on a mini M4. I had all the Software update check boxes off, so this was when I opened the Settings panel and approved the update. On restart, I checked Apple Intelligence and it was still off and there was an error message about the Language.
I have also tried this on iPhones and it behaves a little different. With the Language changed, after the update restart it changed the Language back to English, but Apple Intelligence was off. It is almost as if iOS tried to switch Ap.Int. on, failed due to the language mismatch, altered the language setting, but then never went back to the main on/off setting?
I still advise anyone trying this trick to check the Apple Intelligence settings after any update to macOS / iOS. I would expect Apple to correct this as time goes on, and especially as other languages are supported.
The sluggishness I reported earlier may well have been a result of having multiple locally attached USB HDDâs, mostly used for backups. When I added the backups to System Settings > Spotlight > Search Privacy to prevent Spotlight from searching them the sluggish seems to have abated - a breath of fresh air
⌠as an additional measure, I re-arranged my some of the backup âdestinationâ USB HDDs so I could have Carbon Copy Cloner eject the volumes after performing backups
⌠one of the clues was Spotlight returning duplicate entries, one on the internal drive and one from one of the backups
Kinda surprising how many Finder and Spotlight related actions were affected by having Spotlight search those HDDâs (including the TextSnipper app) - it even reared itâs head in Excel when it initiated âauto-saveâ actions - beach-balling
Well then⌠I think Iâve pinned down the culprit responsible for the Finder Sluggishness following the macOS 15.3.2 update
Western Digitalâs MyBook 16
Whenever the sluggishness reared its head (REGULARLY!) I was hearing âgrindingâ sounds as the system accessed the MyBook which had two partitions mounted on the Desktop. Since I was using the MyBook primarily for backups, including a Time Machine partition, I unmounted MyBook (both Time Machine and Carbon Copy Cloner mount the volumes for backup purposes).
GLORY BE!! Finder has reverted to its former spunky speeds without the 3-5 sec. pauses experienced during the slug-days.
I did an experiment: I have another locally attached USB HDD housed in an OWC Mercury Elite Pro Quad. One the the HDDs contains several directories I use regularly and regularly experienced the 3-5 sec delays. I copied the contents of that HDD to the MyBook and WOW the sluggishness time DOUBLED (5-10 sec beach balling) - needless to say I reverted to using the HDD in the Mercury EliteâŚ
That said, the sluggishness started just after the macOS 15.3.2 update. The MyBook had been in service (and mounted on the desktop) since I setup the 2024 Mac mini in January 2025 and everything was remarkably fast â licitly-split. What I suspect is there was some change introduced in 15.3.2 that related to USB connections, that affected the MyBookâs ?firmware?.
⌠now to contact WD support know and suggest they review their firmware
Similarly my Das Keyboard 4 Pro Mechanical Keyboard for Mac, connected via USB A via a USB A-to-USB C hub to the Mac mini, would occasionally loose itâs connection. I could unplug & replug it into the hub to resurrect it. I contacted Das Keyboard tech support who advised macOSâs USB âsystemâ had some âissuesâ - the âfixâ for the keyboard was to remove it from the USB hub and plug it directly into one of the Mac miniâs USB C ports using a USB A-to-USB C adapter
I had to do the same (USB A-to-USB C adapter) for both a new Pioneer BDR-XS07UHD 6x Portable USB 3.1 Gen 1 Blu-ray drive and my old Apple USB SuperDrive.
The Pioneer Blu-ray drive was kind of a worthless purchase when I discovered macOS anything doesnât play Blu-ray Discs⌠well, OK, thereâs a few âhacksâ out there as a workaround, but I rarely watch movies on my computers - AppleTV instead. I mainly use the DVD/Blu-Ray drives to rip music CDâs and movie DVDâs)
Bottom line - Iâm a happy camper (weâre back home in Kansas, Toto)
Please forgive the lengthy post but thought it would be useful info to have available for others who may be having similar issues + me thinks I hail from the âLong-Windedâ tribeâŚ
A 3-5s delay, while waiting for a sleeping HDD to spin-up again, doesnât strike me as unusual. If the drive doesnât go to sleep, it should respond much faster.
That having been said, this option may not actually change anything. many HDDs (especially those sold as âgreenâ products) will spin-down when they detect idle time, regardless of how macOS is configured. But if you have this option enabled, you might want to disable it and see if anything changes.
Iâve left that Energy setting OFF as I wasnât sure what effects it may have on the several drives locally attached to my computers. Since, currently most are used for backups occurring overnight, I have Carbon Copy Cloner eject them when done with the backups. I previously left the MyBook mounted erroneously thinking Time Machine needed it mounted to do its thing, but I now know otherwise.
I got the MyBook both for backups and for off-loading some of my infrequently used âstuffâ from the Mac miniâs internal drive (1 TB SSD) with the goal of keeping the internal drive below 75% full. Guess Iâll be using one of the other âspareâ USB HDDs for that purpose until WD getâs its act together. I have âspareâ drives because Iâve upsized the HDDs in my Synology DS418play01 NAS a couple/few timesâŚ
Iâll point out that Apple in its infinite wisdom has decided to hide the sleep HDD option, at least in Sequoia, if you do not at the time have a HDD attached. So if you happen to have disconnected your old HDD, you wonât be shown this option at all. Just attach and mount any HDD to see what you have this option set to. Note it has to be a HDD, SSDs alone wonât trigger display of the option.
