Apple fixes zero-day vulnerabilities in emergency security update

Apple released urgent security updates to fix two zero-day vulnerabilities that attackers actively used in targeted attacks.

The company described the activity as an “extremely sophisticated attack” targeting specific individuals. Although Apple did not name either the attackers or the victims, the limited scope of the attacks strongly suggests espionage operations rather than widespread cybercrime.

Both vulnerabilities affect WebKit, the Safari browser engine, and all browsers on iOS. As a result, the risk is significant. In some cases, simply visiting a malicious web page may be enough to trigger an attack.

Below we'll break down what these vulnerabilities mean and explain how you can better protect yourself.

Subscribe to my FREE CyberGuy Report
Get my best tech tips, breaking security alerts, and exclusive offers straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

NEW IPHONE SCAM MAKES OWNERS GIVE UP PHONES GIVEAWAY

What Apple says about zero-day vulnerabilities

The two vulnerabilities are tracked as CVE-2025-43529 and CVE-2025-14174, and Apple has confirmed that both were used in the same real-life attacks. According to Apple's security bulletin, the vulnerabilities were used in versions of iOS released before iOS 26, and the attacks were limited to “specific targets.”

CVE-2025-43529 is a WebKit use-after-free vulnerability that can lead to arbitrary code execution when a device processes malicious web content. Simply put, it allows attackers to run their own code on the device, tricking the browser into mishandling memory. Apple credited Google's Threat Intelligence Team for discovering the vulnerability, which is often a strong indicator of government or commercial espionage activity.

The second vulnerability, CVE-2025-14174, is also a WebKit issue, this time involving memory corruption. Although Apple describes the impact as memory corruption rather than direct code execution, these types of bugs often chain together with other vulnerabilities to completely compromise a device. Apple says this issue was discovered jointly by Apple and Google's threat intelligence team.

In both cases, Apple admitted that it was aware of reports confirming the active exploitation of vulnerabilities. This wording is important because Apple typically reserves it for situations where attacks have already occurred, and not just for theoretical risks. The company says it has addressed the bugs through improved memory management and more efficient checks, without disclosing deeper technical details that could help attackers reproduce the exploits.

Affected Devices and Signs of Coordinated Disclosure

Apple has released patches on all supported operating systems, including the latest versions of iOS, iPadOS, macOS, Safari, watchOS, tvOS and VisionOS.

According to Apple, affected devices include iPhone 11 and later, multiple generations of iPad Pro, iPad Air from the third generation onwards, iPad from the eighth generation and later, and iPad mini from the fifth generation onwards. This applies to the vast majority of iPhones and iPads that are still in active use.

Apple has fixed flaws throughout its entire ecosystem. The fixes are available in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, VisionOS 26.2 and Safari 26.2. Since Apple requires all iOS browsers to use WebKit, the same underlying issue has affected Chrome on iOS.

6 steps you can take to protect yourself from such vulnerabilities

Here are six practical steps you can take to stay safe, especially in light of targeted zero-day attacks like this one.

REAL APPLE SUPPORT LETTERS ARE USED IN NEW PHISHING Scam

1) Install updates as soon as they come out

This sounds obvious, but it matters more than anything else. Zero-day attacks rely on people using outdated software. If Apple sends an emergency update, install it on the same day if possible. Delaying updates is often the only thing attackers need. If you tend to forget about updates, let your devices do them for you. Enable automatic updates for iOS, iPadOS, macOS, and Safari. This way, you'll be protected even if you miss the news or travel.

2) Be careful with links, even from people you know.

Most WebKit exploits start with malicious web content. Don't click on random links sent via SMS, WhatsApp, Telegram or email unless you are expecting them. If something is wrong, open the site later by entering the address yourself.

The best way to protect yourself from malicious links that install malware and potentially access your personal information is to install antivirus software on all of your devices. This protection can also warn you about phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for 2025's top antivirus protection winners for your Windows, Mac, Android, and iOS devices at Cyberguy.com.

3) Use a blocking style view setting.

If you're a journalist, activist, or someone who deals with sensitive information, consider reducing your attack surface. Use safari onlyAvoid unnecessary browser extensions and limit how often you open links within messaging apps.

4) Turn on blocking mode if you feel dangerous.

Apple's blocking mode is designed specifically for targeted attacks. It limits certain web technologies, blocks most message attachments, and limits attack vectors commonly used by spyware. It's not for everyone, but it exists for situations like these.

5) Reduce disclosure of personal data

Targeted attacks often begin with profiling. The more personal information about you circulates online, the easier it is to target you. Removing data from broker sites and tightening privacy settings on social media can reduce your visibility.

Although no service can guarantee complete removal of your data from the Internet, data deletion service really a smart choice. They don't come cheap, and neither does your privacy. These services do all the work for you, actively monitoring and systematically removing your personal information from hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk that scammers will link leaked data to information they can find on the dark web, making it harder for them to target you.

Check out my top data removal services and get a free scan to see if your personal information has already been published online by visiting Cyberguy.com.

Get a free scan to see if your personal information has already been published online: Cyberguy.com.

6) Pay attention to unusual behavior of the device.

Sometimes unexpected crashes, overheating, sudden battery drain, or Safari closing spontaneously may occur. warning signs. This does not automatically mean that your device is jailbroken. However, if something constantly seems wrong, updating and rebooting your device immediately is a smart move.

Kurt's Key Takeaway

Apple did not disclose details about who was the victim of the attacks or how they were carried out. However, this model is closely related to past spy campaigns targeting journalists, activists, political figures and others of interest to surveillance operators. With these patches, Apple has addressed seven zero-day vulnerabilities that were not actively exploited until 2025. This includes flaws discovered earlier this year and a fix released in September for older devices.

You have installed the latest version Updating iOS or iPadOS or are you still putting it off? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Subscribe to my FREE CyberGuy Report
Get my best tech tips, breaking security alerts, and exclusive offers straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright CyberGuy.com 2025. All rights reserved.