


Perceptive Security
SOC/SIEM Consultancy

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
Published:
13 December 2025 at 05:32:00
Alert date:
13 December 2025 at 07:01:06
Source:
thehackernews.com
Operating Systems, Mobile & IoT, Web Technologies, Zero-Day Vulnerabilities
Apple released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari to address two WebKit security flaws exploited in the wild. One vulnerability (CVE-2025-43529) is a use-after-free flaw in WebKit that was also patched by Google in Chrome earlier this week. Apple confirmed the flaws have been used in real-world attacks, prompting urgent updates for the critical WebKit vulnerabilities across Apple's platforms and the Safari browser.
Technical details
Two WebKit vulnerabilities were exploited in the wild. CVE-2025-43529 is a use-after-free vulnerability that may lead to arbitrary code execution when processing maliciously crafted web content. CVE-2025-14174 is a memory corruption issue triggered when processing maliciously crafted web content; it is an out-of-bounds memory access in Google's ANGLE library, specifically in its Metal renderer. These flaws were exploited in extremely sophisticated attacks against specific targeted individuals on iOS versions before iOS 26, likely in mercenary spyware attacks.
Mitigation steps:
Update to the latest versions: iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2 depending on your device model and operating system version.
Affected products:
iOS 26.2 and iPadOS 26.2 - iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
iOS 18.7.3 and iPadOS 18.7.3 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
macOS Tahoe 26.2 - Macs running macOS Tahoe
tvOS 26.2 - Apple TV HD and Apple TV 4K (all models)
watchOS 26.2 - Apple Watch Series 6 and later
visionOS 26.2 - Apple Vision Pro (all models)
Safari 26.2 - Macs running macOS Sonoma and macOS Sequoia
WebKit engine
Chrome browser
Google's ANGLE library
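A patch-compliance check for the fixed versions listed above, as an added example (not part of the original alert or any Apple tooling). The inventory CSV, host names and status labels are constructed for illustration; only the fixed version numbers come from the alert. Each device is compared against the fix on its own major branch, so an iOS 26.1 device is not passed just because it is newer than 18.7.3.

```python
import csv
import io

# Fixed versions from the alert, keyed by (platform, major branch).
FIXED = {
    ("iOS", 26): (26, 2), ("iOS", 18): (18, 7, 3),
    ("iPadOS", 26): (26, 2), ("iPadOS", 18): (18, 7, 3),
    ("macOS", 26): (26, 2), ("tvOS", 26): (26, 2),
    ("watchOS", 26): (26, 2), ("visionOS", 26): (26, 2),
    ("Safari", 26): (26, 2),
}

# Constructed sample of an MDM/asset export (hypothetical hosts and columns).
INVENTORY = """host,platform,version
iphone-a,iOS,18.7.3
iphone-b,iOS,26.1
iphone-c,iOS,18.7.2
ipad-a,iPadOS,26.2
mac-a,macOS,26.2.0
mac-b,Safari,18.6
watch-a,watchOS,26.1.1
"""

def parse_version(text):
    """Turn '18.7.3' into (18, 7, 3)."""
    return tuple(int(part) for part in text.strip().split("."))

def assess(platform, version):
    """Return 'patched', 'needs_update' or 'no_fix_listed' for one device."""
    v = parse_version(version)
    fix = FIXED.get((platform, v[0]))
    if fix is None:
        # The alert lists no fixed build on this platform/branch.
        return "no_fix_listed"
    # Pad so that 26.2 and 26.2.0 compare equal (plain tuples would not).
    width = max(len(v), len(fix))
    v = v + (0,) * (width - len(v))
    fix = fix + (0,) * (width - len(fix))
    return "patched" if v >= fix else "needs_update"

def audit(csv_text):
    """Map each host that is not confirmed patched to its status."""
    rows = csv.DictReader(io.StringIO(csv_text.strip()))
    results = {r["host"]: assess(r["platform"], r["version"]) for r in rows}
    return {host: s for host, s in results.items() if s != "patched"}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `no_fix_listed` are on a branch for which the alert names no fixed build and need manual review against Apple's advisories.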
Related links:
https://support.apple.com/en-us/100100
https://nvd.nist.gov/vuln/detail/CVE-2025-14174
https://thehackernews.com/2025/12/chrome-targeted-by-active-in-wild.html
https://developer.apple.com/metal/
https://thehackernews.com/2025/12/intellexa-leaks-reveal-zero-days-and.html
https://support.apple.com/en-us/125884
https://support.apple.com/en-us/125885
https://support.apple.com/en-us/125886
https://support.apple.com/en-us/125889
https://support.apple.com/en-us/125890
https://support.apple.com/en-us/125891
https://support.apple.com/en-us/125892
This article was created with the assistance of AI technology by Perceptive.
