Update Now: Apple Releases iOS 18.3.2 with an Important Security Fix

Sadly, we’ve long since moved past the days when you could afford to sit out an iPhone software update. In today’s world of bad actors constantly looking for ways to steal your money, data, or even your whole identity, it’s much safer to install the latest updates right away and risk the possibility of a few bugs.

Fortunately, Apple’s minor “sub-point” releases usually don’t introduce too many issues, but they nearly always close down vulnerabilities that hackers and cybercriminals can exploit — and the latest update is no exception.

Apple has just released iOS 18.3.2, along with accompanying updates for its other platforms, and mixed in with the usual small bug fixes is a patch for a potentially harmful security vulnerability.

The good news is that Apple only had a single flaw to address this time around. According to the security update notes for iOS 18.3.2, the update fixes a problem with “maliciously crafted web content” that could potentially break out of its sandbox and expose other data on your device.

Apple also adds that it’s aware of a report that this may have already been exploited, although that’s only happened in “an extremely sophisticated attack against specific targeted individuals.”

Although that may sound like a low-risk scenario — likely something akin to the kind of organizations that use mercenary spyware like Pegasus and Predator — the risks will increase from today onward.

This vulnerability wasn’t well known. It had probably been discovered by a specific company like NSO Group that specializes in hacking tools, and these companies typically don’t share their discoveries, for reasons that should be obvious.

However, as of today, Apple has disclosed the existence of this vulnerability to the entire world. While it thankfully doesn’t spell out the details on how to exploit it, it’s a safe bet that every malicious hacker on the planet reads Apple’s security release notes with great interest, and it won’t take many of them long to figure out how this one works.

The good news is that if you’ve updated to iOS 18.3.2, that won’t matter. Still, hackers know a lot of folks don’t update right away, so they have no problem putting time and effort into targeting older devices.

This problem also isn’t exclusive to the iPhone. Apple had also released iPadOS 18.3.2, macOS Sequoia 15.3.2, and visionOS 2.3.3 to close this vulnerability on the iPad, Mac, and Vision Pro. There’s no full OS update for older versions of macOS, but Apple has instead released Safari 18.3.1 for Ventura and Sonoma. Since the problem exists in Safari’s WebKit, that update should secure those older operating systems.

Apple also released tvOS 18.3.1 for the Apple TV today, but this has no security release notes. Apple’s set-top box is likely immune to this issue as it doesn’t have a Safari browser or any WebKit frameworks. The same is true of the Apple Watch, which hasn’t received any watchOS updates today.

Last month, Apple released iOS 18.3.1 with a security fix for a bug that could allow someone with physical access to your iPhone to disable USB Restricted Mode, potentially letting them use forensic hacking tools to access your device. Today’s iOS 18.3.2 release includes those fixes also, so if you’re still running iOS 18.3 you’ll be patching both vulnerabilities in one fell swoop. You can check for and install any available updates by opening the Settings app and selecting General > Software Update.