What are Apple's zero-day vulnerabilities?

These are critical security flaws in Apple software that attackers exploit before Apple can release a fix, affecting versions prior to iOS 26.

How can I protect myself from Apple's WebKit exploits?

Install Apple's emergency security updates immediately and avoid clicking on suspicious links from unknown sources.

Which Apple devices are affected by the zero-day flaws?

Affected devices include iPhone 11 and newer, several iPad models, and other Apple devices running older iOS versions.

Home / Technology / Apple's Zero-Day Flaws: Are You Vulnerable?

Apple's Zero-Day Flaws: Are You Vulnerable?

28 Dec, 2025

•

Summary

Apple released emergency updates for two exploited zero-day vulnerabilities.
Flaws in WebKit affect Safari and other browsers on iOS devices.
Users should update immediately and avoid suspicious links.

Apple's Zero-Day Flaws: Are You Vulnerable?

Apple has released urgent security updates to patch two zero-day vulnerabilities that attackers were actively exploiting. Described as "extremely sophisticated attacks," these exploits targeted specific individuals, suggesting spyware operations rather than broad cybercrime. Both vulnerabilities reside within WebKit, the browser engine powering Safari and other browsers on iOS, posing a significant risk.

The flaws, tracked as CVE-2025-43529 and CVE-2025-14174, were exploited in real-world attacks affecting versions of iOS prior to iOS 26. CVE-2025-43529 is a use-after-free vulnerability enabling arbitrary code execution, while CVE-2025-14174 involves memory corruption. Apple credits Google's Threat Analysis Group with discovering these issues, often indicative of nation-state or commercial spyware.