Apple published a security advisory saying that the vulnerability, tracked as CVE-2025-24201, is present in Webkit, the browser engine that drives Safari and other browsers on iPhones and iPads