Apple has issued urgent security updates to address two zero-day vulnerabilities in WebKit, which were actively exploited in targeted attacks against specific individuals.
Apple has released emergency security updates to address two zero-day vulnerabilities that were actively exploited in highly targeted attacks. The company characterized these incidents as “extremely sophisticated,” aimed at specific individuals rather than the general public. While Apple did not disclose the identities of the attackers or victims, the limited scope of the attacks suggests they may be linked to spyware operations rather than widespread cybercrime.
Both vulnerabilities affect WebKit, the browser engine that powers Safari and all browsers on iOS devices. This raises significant risks, as simply visiting a malicious webpage could trigger an attack. The vulnerabilities are tracked as CVE-2025-43529 and CVE-2025-14174, and Apple confirmed that both were exploited in the same real-world attacks.
CVE-2025-43529 is a WebKit use-after-free vulnerability that can lead to arbitrary code execution when a device processes maliciously crafted web content. Essentially, this flaw allows attackers to execute their own code on a device by tricking the browser into mishandling memory. Google’s Threat Analysis Group discovered this vulnerability, which often indicates involvement from nation-state or commercial spyware entities.
The second vulnerability, CVE-2025-14174, also pertains to WebKit and involves memory corruption. Although Apple describes the impact as memory corruption rather than direct code execution, such vulnerabilities are frequently chained with others to fully compromise a device. This issue was discovered jointly by Apple and Google’s Threat Analysis Group.
Apple acknowledged that it was aware of reports confirming active exploitation in the wild, a statement that is particularly significant as it typically indicates that attacks have already occurred rather than merely presenting theoretical risks. The company addressed these vulnerabilities through improved memory management and enhanced validation checks, although it did not provide detailed technical information that could assist attackers in replicating the exploits.
The patches have been released across all of Apple’s supported operating systems, including the latest versions of iOS, iPadOS, macOS, Safari, watchOS, tvOS, and visionOS. Affected devices include iPhone 11 and newer models, multiple generations of iPad Pro, iPad Air from the third generation onward, the eighth-generation iPad and newer, and the iPad mini starting with the fifth generation. This update covers the vast majority of iPhones and iPads currently in use.
The fixes are available in iOS 26.2 and iPadOS 26.2, in the earlier-branch releases iOS 18.7.3 and iPadOS 18.7.3, and in macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2. Since Apple mandates that all iOS browsers utilize WebKit, the underlying issues also affected Chrome on iOS.
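For anyone responsible for more than one device, the fixed releases listed above can be turned into a branch-aware inventory check. This is an added example, not code from Apple or the original article; the host names, the inventory format, and the status labels are assumptions made for illustration.

```python
# Fixed releases exactly as listed in the article; no other branches are assumed.
FIXED = {
    "iOS": ["26.2", "18.7.3"],
    "iPadOS": ["26.2", "18.7.3"],
    "macOS": ["26.2"],
    "tvOS": ["26.2"],
    "watchOS": ["26.2"],
    "visionOS": ["26.2"],
    "Safari": ["26.2"],
}

def parse(version):
    """Turn '18.7.3' into (18, 7, 3), padding so that 26.2 equals 26.2.0."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(version)
    return tuple(parts + [0] * (3 - len(parts)))

def status(product, version):
    """Classify one installed version against the article's fixed releases."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "unknown-product"
    try:
        v = parse(version)
    except ValueError:
        return "unparseable"
    releases = [parse(f) for f in fixed]
    # Assumption: anything at or beyond the newest listed fix carries it.
    if v >= max(releases):
        return "patched"
    # Otherwise compare only within the same major branch (18.x vs 18.7.3).
    for r in releases:
        if r[0] == v[0]:
            return "patched" if v >= r else "needs-update"
    # The article names no fixed release for this branch; do not guess one.
    return "unlisted-branch"

def triage(inventory):
    """Group (host, product, version) rows by status."""
    report = {}
    for host, product, version in inventory:
        report.setdefault(status(product, version), []).append(host)
    return report

# Constructed sample inventory, not real devices.
SAMPLE_INVENTORY = [
    ("phone-01", "iOS", "26.2"), ("phone-02", "iOS", "26.1"),
    ("phone-03", "iOS", "18.7.3"), ("phone-04", "iOS", "18.7.2"),
    ("tablet-01", "iPadOS", "17.7.10"), ("mac-01", "macOS", "15.7.2"),
]
```

Devices reported as `unlisted-branch` run a major version for which the article gives no fixed release, so they need a manual check against Apple's own security notes.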
In light of these highly targeted zero-day attacks, users are encouraged to take several practical steps to enhance their security. First and foremost, it is crucial to install emergency updates as soon as they are available. Delaying updates can provide attackers with the window they need to exploit vulnerabilities. For those who often forget to update their devices, enabling automatic updates for iOS, iPadOS, macOS, and Safari can help ensure ongoing protection.
Most WebKit exploits begin with malicious web content, so users should exercise caution when clicking on links received via SMS, WhatsApp, Telegram, or email, especially if they are unexpected. If something seems off, it is safer to manually type the website address into the browser.
Installing antivirus software on all devices is another effective way to safeguard against malicious links that could install malware or compromise personal information. Antivirus programs can also alert users to phishing emails and ransomware scams, providing an additional layer of protection for personal data and digital assets.
For journalists, activists, and others who handle sensitive information, reducing the attack surface is advisable. This can include using Safari exclusively, avoiding unnecessary browser extensions, and limiting the frequency of opening links within messaging apps. Apple’s Lockdown Mode is specifically designed for targeted attacks, restricting certain web technologies and blocking most message attachments.
Another proactive measure is to minimize personal data available online. The more information that is publicly accessible, the easier it is for attackers to profile potential targets. Users can reduce their visibility by removing data from broker sites and tightening privacy settings on social media platforms.
While no service can guarantee complete removal of personal data from the internet, utilizing a data removal service can be a smart choice. These services actively monitor and systematically erase personal information from numerous websites, providing peace of mind and reducing the risk of being targeted by scammers.
Users should also be aware of warning signs that their devices may be compromised, such as unexpected crashes, overheating, or sudden battery drain. While these symptoms do not automatically indicate a security breach, consistent issues warrant immediate updates and potentially resetting the device.
Although Apple has not disclosed specific details regarding the individuals targeted or the methods of attack, the pattern aligns closely with previous spyware campaigns that have focused on journalists, activists, political figures, and others of interest to surveillance operators. With these recent patches, Apple has now addressed seven zero-day vulnerabilities exploited in the wild in 2025 alone, including flaws disclosed earlier this year and a backported fix in September for older devices.
According to CyberGuy.com, staying informed and proactive about security updates is essential for protecting personal devices against targeted attacks.

