Home / Technology / Apple's Zero-Day Flaws: Are You Vulnerable?
Apple's Zero-Day Flaws: Are You Vulnerable?
28 Dec
Summary
- Apple released emergency updates for two exploited zero-day vulnerabilities.
- Flaws in WebKit affect Safari and other browsers on iOS devices.
- Users should update immediately and avoid suspicious links.
Apple has released urgent security updates to patch two zero-day vulnerabilities that attackers were actively exploiting. Described as "extremely sophisticated attacks," these exploits targeted specific individuals, suggesting spyware operations rather than broad cybercrime. Both vulnerabilities reside within WebKit, the browser engine powering Safari and other browsers on iOS, posing a significant risk.
The flaws, tracked as CVE-2025-43529 and CVE-2025-14174, were exploited in real-world attacks affecting versions of iOS prior to iOS 26. CVE-2025-43529 is a use-after-free vulnerability enabling arbitrary code execution, while CVE-2025-14174 involves memory corruption. Apple credits Google's Threat Analysis Group with discovering these issues, often indicative of nation-state or commercial spyware.
Patches are available across all supported operating systems, including iOS 26.2, iPadOS 26.2, macOS Tahoe 26.2, and others. Affected devices include iPhone 11 and newer, various iPad models, and Apple Watches. Users should enable automatic updates and exercise caution with links from unknown sources to mitigate risks from these and similar targeted attacks.
