Article Details
Scrape Timestamp (UTC): 2025-12-13 05:38:34.488
Source: https://thehackernews.com/2025/12/apple-issues-security-updates-after-two.html
Original Article Text
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week.
The vulnerabilities are listed below -
Apple said it's aware that the shortcomings "may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26."
It's worth noting that CVE-2025-14174 is the same vulnerability that Google issued patches for in its Chrome browser on December 10, 2025. It's been described by the tech giant as an out-of-bounds memory access in the company's open-source Almost Native Graphics Layer Engine (ANGLE) library, specifically in its Metal renderer.
Apple Security Engineering and Architecture (SEAR) and Google Threat Analysis Group (TAG) have been credited with discovering and reporting the flaw, while Apple credited TAG with finding CVE-2025-43529.
This indicates that the vulnerabilities were likely weaponized in highly-targeted mercenary spyware attacks, given that they both affect WebKit, the rendering engine that's also used in all third-party web browsers on iOS and iPadOS, including Chrome, Microsoft Edge, Mozilla Firefox, and others.
The flaws have been addressed in the following versions and devices -
With these updates, Apple has now patched nine zero-day vulnerabilities that were exploited in the wild in 2025, including CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, CVE-2025-43200, and CVE-2025-43300.
Daily Brief Summary
Apple released security updates for multiple operating systems and Safari to address two WebKit vulnerabilities actively exploited in the wild.
Apple said the vulnerabilities may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.
CVE-2025-14174, an out-of-bounds memory access flaw in the ANGLE library's Metal renderer, was also patched by Google in Chrome earlier this week.
Apple Security Engineering and Architecture (SEAR) and Google Threat Analysis Group (TAG) are credited with discovering and reporting CVE-2025-14174, and Apple credited TAG with finding CVE-2025-43529.
The flaws were likely weaponized in highly targeted mercenary spyware attacks. Both affect WebKit, the rendering engine also used by all third-party web browsers on iOS and iPadOS, including Chrome, Edge, and Firefox.
With these updates, Apple has patched nine zero-day vulnerabilities exploited in the wild in 2025, underscoring the ongoing threat landscape and the need for timely updates.
Organizations and users are urged to apply these updates immediately to mitigate potential security risks and protect against targeted exploitation.