New Update Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Gandalf_The_Grey

Thread author

Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week.

The vulnerabilities are listed below -
  • CVE-2025-43529 (CVSS score: N/A) - A use-after-free vulnerability in WebKit that may lead to arbitrary code execution when processing maliciously crafted web content
  • CVE-2025-14174 (CVSS score: 8.8) - A memory corruption issue in WebKit that may lead to memory corruption when processing maliciously crafted web content
Apple said it's aware that the shortcomings "may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26."

It's worth noting that CVE-2025-14174 is the same vulnerability that Google issued patches for in its Chrome browser on December 10, 2025. It's been described by the tech giant as an out-of-bounds memory access in the company's open-source Almost Native Graphics Layer Engine (ANGLE) library, specifically in its Metal renderer.
The flaws have been addressed in the following versions and devices -
  • iOS 26.2 and iPadOS 26.2 - iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
  • iOS 18.7.3 and iPadOS 18.7.3 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • macOS Tahoe 26.2 - Macs running macOS Tahoe
  • tvOS 26.2 - Apple TV HD and Apple TV 4K (all models)
  • watchOS 26.2 - Apple Watch Series 6 and later
  • visionOS 26.2 - Apple Vision Pro (all models)
  • Safari 26.2 - Macs running macOS Sonoma and macOS Sequoia
 
These two WebKit bugs are serious enough that Apple is calling out in-the-wild exploitation, so it’s worth updating as soon as you can.

What’s going on?
  • CVE-2025-43529 – WebKit use-after-free → can lead to arbitrary code execution via malicious web content.
  • CVE-2025-14174 – WebKit memory corruption (same bug patched in Chrome/ANGLE) → can lead to memory corruption via malicious web content.

Apple explicitly says they’ve been used in “extremely sophisticated” targeted attacks against specific individuals on older iOS versions, which usually means spyware / high‑value targeting rather than mass drive‑by attacks. But once the bugs are public and patches are out, exploit dev gets easier, so everyone should still patch quickly.

Who needs to update?
Per Apple’s notes, you’re affected if you use:

  • iPhone / iPad – iOS 26.2 / iPadOS 26.2 or iOS 18.7.3 / iPadOS 18.7.3 (depending on device generation)
  • Mac – macOS Tahoe 26.2 or the latest Safari 26.2 on Sonoma / Sequoia
  • Apple TV – tvOS 26.2
  • Apple Watch – watchOS 26.2 (Series 6 and later)
  • Vision Pro – visionOS 26.2

What you should do now
  • On each device, go to Settings → General → Software Update (or System Settings → General → Software Update on macOS) and install the latest update listed in Apple’s advisories.
  • On Macs that can’t upgrade OS right away, at least update Safari 26.2 via Software Update or the App Store if offered.
  • Keep automatic updates enabled so you get future WebKit fixes quickly.

In short: even though current exploitation appears highly targeted, these are browser engine RCE-class bugs. Updating all Apple devices and Safari as soon as practical is the safest move.
 
The information you have surfaced regarding Apple’s latest security updates is highly relevant and indicates an IMMEDIATE PATCHING MANDATE. The reports confirm that two separate vulnerabilities affecting the core WebKit engine, the backbone of the Safari browser and many other applications across the Apple ecosystem, were not theoretical flaws, but were being actively exploited in the wild as zero-day attacks. This is the highest level of threat classification, as it means attackers had a functional exploit before a patch was even available.

The logs indicate that these updates address critical flaws that could lead to Remote Code Execution (`RCE`). This means an attacker could gain control over the vulnerable device simply by getting a user to visit a malicious website or view a malicious email in a WebKit-enabled application. Given the confirmed active exploitation, if your Apple devices are running unpatched operating system versions (macOS, iOS, iPadOS, or watchOS), they have been susceptible to compromise via drive-by download or phishing campaigns. The core issue is the unpatched `WebKit` component, and the only path to safety is immediate remediation.

The required action plan is focused entirely on neutralizing the known attack vector by applying vendor-released fixes.

Immediate Patching

Prioritize installing the latest security updates on all affected Apple devices (iPhone, iPad, Mac, Apple Watch). Do not delay or postpone these specific updates. These patches are designed to close the zero-day holes that are currently being leveraged by threat actors.

Browser Data Cleanup

Once the operating system and browser (Safari) are fully updated, navigate to your browser settings and clear all history, cache, and website data. This step ensures that no potentially malicious lingering data or cookies from a previous compromise attempt are retained.

Sanity Check

For macOS, you can confirm your system version has been updated to the latest secure build using the following command in Terminal. Compare the outputted build number against Apple’s official security release notes to confirm the fix has been applied.


Zero-day exploitation requires a rapid response. By applying these patches now, you have effectively closed the window of opportunity that was leveraged by the confirmed active threat actors. Going forward, ensure all operating system and application update settings are set to automatic to minimize the exposure time for any future zero-day fixes.
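As an added worked example for the "What you should do now" steps and the "Sanity Check" step above (this is not code from either post, nor from Apple): a POSIX shell script that encodes the fixed versions listed in the thread (26.2 across the OS lines, 18.7.3 for the iOS/iPadOS 18 line, Safari 26.2 for macOS Sonoma and Sequoia) and reports whether a given product version is at or above them. It compares product versions rather than build numbers, because no build numbers appear in the thread; on a Mac it also reads the live values with `sw_vers` and `defaults read` and prints the build so you can compare it against Apple's release notes yourself. The function names and the sample versions fed in at the bottom are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: check a version against the fixes for
# CVE-2025-43529 / CVE-2025-14174. Fixed versions come from the advisory list
# in the thread; function names and sample inputs are this example's own.

# vercmp_ge A B: succeed (exit 0) when dotted version A >= B, comparing
# component-wise as integers, so 26.10 > 26.2 and 26 < 26.2.
vercmp_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac=${a%%.*} bc=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${ac:-0}" -gt "${bc:-0}" ]; then return 0; fi
        if [ "${ac:-0}" -lt "${bc:-0}" ]; then return 1; fi
    done
    return 0
}

# patch_status PLATFORM VERSION [SAFARI_VERSION]
# Prints "patched", "unpatched" or "unknown". PLATFORM is ios, ipados, macos,
# tvos, watchos or visionos. macOS 14/15 (Sonoma/Sequoia) received Safari 26.2
# rather than an OS update, so for those lines the Safari version decides.
patch_status() {
    platform=$1 version=$2 safari=${3:-}
    major=${version%%.*}
    case "$platform:$major" in
        ios:26|ipados:26|macos:26|tvos:26|watchos:26|visionos:26) min=26.2 ;;
        ios:18|ipados:18) min=18.7.3 ;;
        macos:14|macos:15)
            if [ -z "$safari" ]; then echo unknown; return 0; fi
            version=$safari min=26.2 ;;
        *) echo unknown; return 0 ;;   # older lines: no fix listed in the thread
    esac
    if vercmp_ge "$version" "$min"; then echo patched; else echo unpatched; fi
}

# check_this_mac: on macOS, read the live OS, Safari and build values; elsewhere
# it just says so. The build number is printed for manual comparison against
# Apple's release notes, as the post above suggests; none is hard-coded here.
check_this_mac() {
    if ! command -v sw_vers >/dev/null 2>&1; then echo "not running on macOS"; return 0; fi
    os=$(sw_vers -productVersion)
    saf=$(defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString 2>/dev/null || true)
    echo "macOS $os, Safari ${saf:-unknown}: $(patch_status macos "$os" "$saf")"
    echo "build $(sw_vers -buildVersion): compare against Apple's release notes"
}

check_this_mac

# Constructed sample versions, one per line of the advisory table.
for sample in "macos 26.1" "macos 26.2" "ios 18.7.2" "ipados 18.7.3" "macos 15.7 26.1" "macos 15.7 26.2" "macos 13.7"; do
    set -- $sample
    echo "$sample -> $(patch_status "$@")"
done
```

Run it as `sh check_webkit_fix.sh` (any file name works). The "unknown" result is deliberate: a macOS 14 or 15 host with no Safari version supplied, or any line not listed in the advisory, is reported as unknown rather than patched, so the script never claims safety it cannot verify from the versions in the thread.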