iOS 18.3.2解决了Webkit中的一个关键安全漏洞,该框架是Safari用于渲染网页的框架。这种漏洞使精心制作的Web内容可能会脱离Web内容沙箱,这是一个安全功能,旨在隔离Web内容,无法访问本地设备资源[1] [2] [3]。该问题被确定为一个不合时宜的写问题,苹果通过实施改进的检查以防止未经授权的措施来解决它[2] [4]。
据报道,这种漏洞是在极其复杂的攻击中利用了针对特定个体的iOS版本17.2 [4] [6]之前的。尽管此问题的主要解决方案是在iOS 17.2中实施的,但iOS 18.3.2提供了补充补丁,以确保对这种威胁的全面保护[6] [7]。与iOS 18.3.1中固定的漏洞相比,可以远程利用它的紧迫性,它可以远程利用,该漏洞需要对设备进行物理访问[3] [4]。
提供的来源中未明确提及此漏洞的CVE标识符,但它被描述为零日错误,这意味着苹果工程师以前未知,但在释放补丁之前可能已经被黑客利用了[5]。该更新对于维持设备安全性至关重要,尤其是因为它解决了可以通过互联网利用的缺陷,可能来自世界任何地方[3]。
引用:
[1] https://www.forbes.com/sites/kateoflahertyuk/2025/03/12/ios-1832-update-now-now-warning-sissue--sosed-to-sosed-to-to-all-iphone-users/
[2] https://www.techradar.com/computing/software/update-your-apple-device-now-ios-now-ios-18-3-2-fixes-a-fixes-a-flaw-flaw-explo- by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-by-Hackers
[3] https://www.cnet.com/tech/services-and-software/download-ios-18-3-2-right-now-now-now-to-patch-patch-this-security-issue/
[4] https://www.securityweek.com/apple-ships-ios-18-3-2-to-fix-already-exploited-webkit-flaw/
[5] https://www.deccanherald.com/technology/gadgets/apple-rolls-ut-ios-1832-with-critical-software-patch-for-patch-for-zero-path-- Zero-Zero-day-bug-in-iphone-34443201
[6] https://appleinsider.com/articles/25/03/03/11/dont-wait-wait-wait-to-------ios-1832-fixes-fixes-an-activelively-exploited-sissue
[7] https://9to5mac.com/2025/03/11/this-is-this-thes-the-one-security-fix-added-in-ios-18-3-2-and-more/
[8] https://support.apple.com/en-us/121161
[9] https://www.macrumors.com/2025/03/11/ios-18-3-2-2-security-fixes/
[10] https://www.youtube.com/watch?v=8rbbBzDKHKBA
[11] https://www.simplymac.com/apps/apple-releases-safari-18-3-1
[12] https://www.bitdefender.com/en-us/blog/hotforsecurity/patch-iphone-ios-18-3-2-webkit-hackit-hacker-hacker-shackers-sophatisation-sathacks