Icon - support the ZSU Support Ukraine’s Army
Army News Technology Fashion and beauty Horoscopes Psychology Video
PsychologyInvestmentsTravelPropertyFashionTravelHome and gardenLifeFashion and beautyFoodTravelRecipesHomeWar economyTransportAutomotiveMovies and TV showsFashionPsychology 2025HealthcareReal estateHoroscopeExclusiveEurovisionWarShows and starsWar 2024Economy 2024EurovisionPoliticsHoroscopesEconomyUkraineNews of the daySportCelebrityArmyMoviesTechnology
Celebrity
Army
Eurovision
Fashion
Fashion and beauty
Horoscopes
Life
News of the day
Technology
Transport
Video

Social media

Youtube Youtube Facebook Facebook
Main Technology Apple issues emergency fix for active cyber exploits

Apple issues emergency fix for active cyber exploits

Ua en ru
Publication time 31 December 2025 11:33
Apple releases emergency updates to fix two zero-day vulnerabilities
Apple iPhone 17 Pro smartphone in hands. Photo: Unsplash

Apple released urgent security updates to address two zero-day vulnerabilities that attackers were already exploiting in targeted attacks. The company described these attacks as "extremely sophisticated" and aimed at specific individuals, suggesting spyware operations rather than mass cybercrime.

Fox News reports on this.

Advertisement

What is known about the attacks and Apple's updates?

 

There are two vulnerabilities in WebKit, the engine on which Safari and virtually all iOS browsers rely. This means the risk is not limited to Safari; any browser on an iPhone or iPad uses WebKit "under the hood," so the problem is widespread.

Apple reported that the vulnerabilities are tracked as CVE-2025-43529 and CVE-2025-14174. Both vulnerabilities were exploited in real-world attacks. According to Apple's security bulletin, attackers exploited these bugs in versions of iOS released before iOS 26. The bulletin states that the scope of those affected was limited to "specific targeted individuals."

The first vulnerability, CVE-2025-43529, is a use-after-free bug in WebKit. It allows the execution of arbitrary code when processing specially crafted web content. In other words, an attacker can force the browser to incorrectly handle memory and run their code on the device. Apple noted that the Google Threat Analysis Group discovered this issue, which often indicates activity by state-sponsored or commercial "spy" groups.

The second vulnerability, CVE-2025-14174, also affects WebKit and is related to memory corruption. While Apple does not describe it as a direct path to code execution, similar errors are typically exploited alongside other vulnerabilities to fully compromise the device. According to Apple, the company and the Google Threat Analysis Group discovered this problem together.

Apple confirmed reports of active exploitation "in the wild" in both cases, meaning that attacks have already occurred and are not just a theoretical risk. The company added that it closed the vulnerabilities with improved memory management and additional checks, without disclosing technical details.

Updates were released for the entire Apple ecosystem, including iOS, iPadOS, macOS, Safari, watchOS, tvOS, visionOS, and Safari. The patches are available in the following versions: iOS 26.2 and iPadOS 26.2; iOS 18.7.3 and iPadOS 18.7.3; macOS Tahoe 26.2; tvOS 26.2; watchOS 26.2; visionOS 26.2; and Safari 26.2.

Read more:

Apple iPhone personal data virus safety
Volodymyr Mololkin - editor
Author
Volodymyr Mololkin
Advertisement
Advertisement
Advertisement
Advertisement

This website uses cookies

We use cookie

More information