On Friday, Apple released important security updates for its devices, including iPhones, iPads, Macs, and more. This patch tackles two critical flaws that hackers have exploited. One of these vulnerabilities is similar to an issue that Google recently fixed in its Chrome browser.
The vulnerabilities include:
- CVE-2025-43529: This is a use-after-free vulnerability in WebKit that could let attackers run malicious code through harmful web content.
- CVE-2025-14174: This memory corruption issue has a CVSS score of 8.8, indicating high severity. It also allows for memory corruption via harmful web content.
Apple noted that these vulnerabilities might have been used in sophisticated attacks against targeted individuals on earlier iOS versions. Notably, CVE-2025-14174 is the same issue Google patched on December 10, 2025. Google described it as an out-of-bounds memory access in its graphics library.
Both Apple’s Security Engineering and Architecture team and Google’s Threat Analysis Group helped discover these flaws. This collaboration illustrates the growing trend of tech companies working together to enhance cybersecurity.
Given that both vulnerabilities affect WebKit, which is the backbone for third-party browsers like Chrome and Firefox on iOS, they could pose serious risks. They were likely exploited in specific targeted attacks, particularly involving mercenary spyware.
The updates are available for a range of devices:
- iOS 26.2 and iPadOS 26.2: Compatible with iPhone 11 and newer models, along with several iPad models.
- iOS 18.7.3 and iPadOS 18.7.3: For iPhone XS and newer, and various iPad models.
- macOS Tahoe 26.2: For Macs running the latest macOS.
- tvOS 26.2: For all models of Apple TV.
- watchOS 26.2: For Apple Watch Series 6 and later.
- visionOS 26.2: For Apple Vision Pro.
- Safari 26.2: For Macs with the latest operating systems.
This update is part of Apple’s ongoing effort to address security threats. In 2025 alone, Apple has patched nine zero-day vulnerabilities that were actively exploited, highlighting the need for users to keep their devices updated. Experts stress the importance of these updates, especially as cyberattacks become increasingly sophisticated. For those interested in cybersecurity knowledge, you can also check out resources from the Cybersecurity & Infrastructure Security Agency.
Source link
cyber security news, cyber news, cyber security news today, cyber security updates, cyber updates, hacker news, hacking news, software vulnerability, cyber attacks, data breach, ransomware malware, how to hack, network security, information security, the hacker news, computer security
