- Apple Patches Two Zero Day WebKits (CVE‑2025‑43529 and CVE‑2025‑14174) Used in Highly Targeted Attack
- The flaws were jointly discovered by Google TAG and Apple, with Chrome receiving a parallel patch.
- The updates cover iOS, iPadOS, macOS, watchOS, tvOS, visionOS, and Safari, with users encouraged to apply patches quickly.
Apple has patched two zero-day vulnerabilities exploited in a “highly sophisticated attack” that, on balance, could have been a cyberespionage attack against one or more high-level individuals.
In a new security advisory, Apple said it has rolled out a fix for a use-after-free remote code execution (RCE) vulnerability in WebKit, as well as a WebKit memory corruption vulnerability.
WebKit is Apple’s browser engine responsible for rendering web pages. It powers Safari on macOS, iOS and iPadOS and is used by all browsers on iPhone and iPad.
Fixes deployed
Both bugs are now tracked as CVE-2025-43529 and CVE-2025-14174.
“Apple is aware of a report that this issue may have been exploited in a highly sophisticated attack against specific targeted individuals on versions of iOS prior to iOS 26,” Apple’s security bulletin states.
What’s interesting is that both bugs were discovered by Google’s Threat Analysis Group (TAG) (Apple also took credit for the second flaw) – the specialist cybersecurity arm of Google that primarily tracks and monitors state-sponsored threat actors.
It is also curious that at the same time Google fixes the bug with the same identifier – CVE-2025-14174 – in Chrome. This suggests that the two companies worked together to mitigate the risk, which isn’t surprising, but also isn’t that common, and could indicate that the exploit was quite serious.
Devices affected by these vulnerabilities include iPhone 11 and later, iPad Pro 12-9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (8th generation and later), and iPad mini (5th generation and later).
It was fixed in OS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2 and Safari 26.2.
Although the chances of ordinary people being targeted by these flaws are somewhat slim, both companies still suggest everyone apply the patch as soon as possible.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
