Apple has issued urgent security updates to address two critical zero-day vulnerabilities that hackers have exploited in targeted attacks against specific individuals.
Apple is taking significant steps to enhance the security of its devices by releasing urgent updates aimed at fixing two serious vulnerabilities, known as “zero-day” flaws. These vulnerabilities have already been exploited by hackers in targeted attacks against specific individuals.
The updates affect a wide range of Apple products, including iPhones, iPads, Macs, Apple Watches, Apple TVs, and the Safari browser. Apple strongly recommends that all users install these updates to protect their devices.
The vulnerabilities are identified as CVE-2025-43529 and CVE-2025-14174, both of which are found in WebKit, the underlying engine that powers Safari and many other Apple applications. Given WebKit’s central role in the functioning of Apple devices, these flaws can be exploited simply by persuading a user to open a malicious webpage, requiring no additional clicks or downloads.
CVE-2025-43529 is described as a “use-after-free” bug, which occurs when a device attempts to use memory that has already been released. This flaw could allow hackers to execute their own code on the device. The discovery of this vulnerability was made by Google’s Threat Analysis Group (TAG).
On the other hand, CVE-2025-14174 is a memory corruption vulnerability that was reported by both Apple and researchers from Google TAG. This flaw can destabilize device memory, potentially giving attackers control over the affected devices.
The devices impacted by these vulnerabilities include the iPhone 11 and newer models, various iPad Pro models (12.9-inch 3rd generation and newer, 11-inch 1st generation and newer), iPad Air 3 and later, iPad 8 and later, and iPad mini 5 and later. The updates are available as iOS 18.7.3, iPadOS 18.7.3, macOS Tahoe 26.2, OS 26.2 (for Apple Watch, tvOS, and visionOS), and Safari 26.2.
Apple collaborated closely with Google, which has also patched a related vulnerability in its Chrome browser. Security experts have noted that the involvement of Google TAG, which monitors sophisticated threat actors, suggests that these attacks may be targeting high-profile individuals such as diplomats, journalists, activists, or executives, rather than the general public.
This week’s security patches bring the total number of zero-day vulnerabilities fixed in 2025 to at least seven. Experts warn that targeted attacks are becoming increasingly frequent and sophisticated. Therefore, even users who may not consider themselves high-risk should prioritize updating their devices immediately.
To update an iPhone or iPad, users should navigate to Settings > General > Software Update. For Mac users, updates can be found in System Preferences. Older devices may receive standalone patches from Apple. Keeping devices up to date is crucial for safeguarding against these emerging threats.
The ongoing discovery of critical vulnerabilities in widely used software underscores the complex and evolving landscape of digital security in 2025. As technology becomes more integral to daily life, both individuals and organizations face heightened exposure to sophisticated cyber risks. These incidents illustrate that cybersecurity threats extend beyond technical issues, impacting privacy, trust, and the integrity of digital infrastructure.
The frequent emergence of zero-day vulnerabilities highlights the necessity for a proactive approach to cybersecurity. Companies must invest in continuous monitoring, research, and collaboration to identify weaknesses before they can be exploited. Additionally, governments and industry stakeholders are increasingly urged to develop frameworks and standards that enhance resilience across platforms and supply chains.
For the general public, these developments emphasize the importance of cultivating cybersecurity awareness, adopting safe practices, and staying informed about emerging threats. In a rapidly evolving digital environment, maintaining vigilance, planning for contingencies, and prioritizing security measures are essential for mitigating potential disruptions. This situation reflects the ongoing tension between technological advancement and security, underscoring the need for continuous adaptation and responsible management of digital tools and systems.
According to The American Bazaar, the urgency of these updates cannot be overstated, as they play a critical role in protecting users from sophisticated cyber threats.