526/68 Tuesday, December 16, 2025

Apple has released emergency security updates across all of its operating systems (macOS, iOS, iPadOS, tvOS, watchOS, and visionOS) to address two zero-day vulnerabilities, tracked as CVE-2025-14174 and CVE-2025-43529. These flaws involve memory corruption and use-after-free issues within the WebKit engine used by the Safari browser. Both vulnerabilities could allow attackers to achieve arbitrary code execution on a victim’s device simply by luring them into visiting a specially crafted web page.
Apple stated that these vulnerabilities have been exploited in highly sophisticated attacks, primarily targeting devices running iOS versions earlier than iOS 26. Based on the observed attack techniques and threat intelligence analysis, the activity appears to be linked to commercial spyware vendors that typically target high-profile individuals, leveraging advanced exploitation methods for surveillance and data exfiltration.
To mitigate the risk of ongoing exploitation, Apple strongly urges users to update their devices immediately to the latest available versions, including iOS/iPadOS 26.2, iOS/iPadOS 18.7.3 (for older devices), macOS Tahoe 26.2, Safari 26.2, tvOS 26.2, watchOS 26.2, and visionOS 26.2. Failure to apply these updates may leave devices exposed to vulnerabilities that are currently being exploited in the wild.
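To find devices that still need these updates, the version list above can be applied to a device inventory. The script below is an added example, not part of the original advisory or any Apple tooling; the inventory layout (device, platform, version) and the device names are constructed, and only the fixed versions named above are treated as patched baselines.

```python
# Fixed versions exactly as listed in the advisory; nothing else is assumed.
FIXED = {
    "iOS": ["18.7.3", "26.2"], "iPadOS": ["18.7.3", "26.2"],
    "macOS": ["26.2"], "Safari": ["26.2"], "tvOS": ["26.2"],
    "watchOS": ["26.2"], "visionOS": ["26.2"],
}

def parse(version):
    """'18.7.3' -> (18, 7, 3); pads to three fields so '26.2' == '26.2.0'."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(platform, version):
    """Return 'patched', 'update' or 'unknown' for one inventory row."""
    if platform not in FIXED:
        return "unknown"
    try:
        have = parse(version)
    except ValueError:          # unparseable version string: needs a manual look
        return "unknown"
    fixes = sorted(parse(v) for v in FIXED[platform])
    # Prefer the fix on the same major branch (18.x -> 18.7.3, 26.x -> 26.2).
    for fix in fixes:
        if fix[0] == have[0]:
            return "patched" if have >= fix else "update"
    # No listed fix on this branch: only releases newer than every listed
    # fix count as patched; older branches must move to a listed release.
    return "patched" if have > fixes[-1] else "update"

def triage(rows):
    """rows: iterable of (device, platform, version). Returns rows needing action."""
    flagged = []
    for device, platform, version in rows:
        result = status(platform, version)
        if result != "patched":
            flagged.append((device, platform, version, result))
    return flagged

# Constructed sample inventory (hypothetical device names).
SAMPLE = [
    ("phone-01", "iOS", "18.7.2"), ("phone-02", "iOS", "26.2"),
    ("tablet-01", "iPadOS", "17.7.1"), ("mac-01", "macOS", "26.1"),
    ("watch-01", "watchOS", "26.2"), ("kiosk-01", "tvOS", "unknown"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{:<10} {:<8} {:<8} {}".format(*row))
```

A macOS release older than 26.2 is reported as `update` because the advisory lists no fixed version for that branch; such hosts should be checked against their installed Safari version as a separate inventory row.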
Source: https://www.securityweek.com/apple-patches-two-zero-days-tied-to-mysterious-exploited-chrome-flaw/
