The security vulnerability fixed in iOS 18.3.2 is considered more severe than the one addressed in iOS 17.2 for several reasons:
1. Nature of the Vulnerability: The vulnerability in iOS 18.3.2 is a WebKit flaw, identified as CVE-2025-24201, which allows maliciously crafted web content to escape the Web Content sandbox. This could enable remote attackers to perform unauthorized actions on the device, potentially leading to significant security breaches[1][2][6]. Although iOS 17.2 also patched WebKit vulnerabilities, the issue fixed in iOS 18.3.2 was believed to have been fully addressed earlier but required a supplementary fix, which indicates its complexity and potential for exploitation[5][9].
2. Exploitation Scope: The vulnerability in iOS 18.3.2 has been exploited in real-world attacks, specifically in "extremely sophisticated" operations targeting high-profile individuals. This suggests that it may have been used by state-sponsored actors or other advanced adversaries, which makes it particularly concerning[1][6]. In contrast, while iOS 17.2 fixed several serious vulnerabilities, there is less evidence that they were widely exploited in sophisticated attacks.
3. Global Accessibility: The WebKit vulnerability in iOS 18.3.2 can be exploited remotely, meaning attackers do not need physical access to the device. This makes it more accessible to a broader range of malicious actors worldwide, increasing the potential for widespread exploitation if not patched promptly[1][2].
4. Targeted Attacks: The fact that the vulnerability was used in targeted attacks against specific individuals suggests that it was exploited for espionage or surveillance purposes. This level of sophistication and intent indicates a higher severity compared to more general vulnerabilities addressed in iOS 17.2[1][6].
In summary, while both iOS 17.2 and iOS 18.3.2 addressed significant security issues, the vulnerability fixed in iOS 18.3.2 is more severe due to its exploitation in sophisticated attacks, its remote accessibility, and the potential for widespread misuse if not promptly patched.
Citations:
[1] https://www.forbes.com/sites/kateoflahertyuk/2025/03/12/ios-1832-update-now-warning-issued-to-all-iphone-users/
[2] https://www.securityweek.com/apple-ships-ios-18-3-2-to-fix-already-exploited-webkit-flaw/
[3] https://www.forbes.com/sites/kateoflahertyuk/2023/12/12/ios-172-apple-just-gave-all-iphone-users-12-new-reasons-to-update-now/
[4] https://cyble.com/blog/apple-issues-urgent-security-advisory-for-ios-and-ipados-vulnerabilities/
[5] https://appleinsider.com/articles/25/03/11/dont-wait-to-update-ios-1832-fixes-an-actively-exploited-issue
[6] https://arstechnica.com/security/2025/03/apple-patches-0-day-exploited-in-extremely-sophisticated-attack/
[7] https://www.preemptive.com/blog/what-are-the-ios-security-vulnerabilities/
[8] https://www.techradar.com/pro/security/apple-fixes-dangerous-zero-day-used-in-attacks-against-iphones-and-ipads
[9] https://9to5mac.com/2025/03/11/this-is-the-one-security-fix-added-in-ios-18-3-2-and-more/
[10] https://www.csoonline.com/article/3821833/apple-issues-emergency-patches-to-contain-an-extremely-sophisticated-attack-on-targeted-individuals.html
[11] https://www.bitdefender.com/en-us/blog/hotforsecurity/patch-iphone-ios-18-3-2-webkit-hackers-sophisticated-attacks