December 27, 2025

Apple patches two actively exploited WebKit zero‑days

Apple has released emergency security updates across iOS, iPadOS, macOS, watchOS, tvOS, visionOS and Safari to fix two WebKit zero‑day vulnerabilities, CVE‑2025‑43529 and CVE‑2025‑14174, that it says were used in an 'extremely sophisticated' campaign targeting specific individuals. The company credits its own researchers and Google’s Threat Analysis Group with discovering the flaws. It warns that simply visiting a malicious webpage on affected devices, including iPhone 11 and newer and recent iPads, could enable arbitrary code execution, and that both bugs were confirmed to be exploited in the wild before iOS 26.


📌 Key Facts

  • Apple disclosed and patched two WebKit zero‑day flaws, CVE‑2025‑43529 (use‑after‑free leading to arbitrary code execution) and CVE‑2025‑14174 (memory corruption), that were exploited together in real‑world attacks.
  • Apple describes the campaign as an 'extremely sophisticated attack' against 'specific targeted individuals,' suggesting spyware‑style operations rather than broad cybercrime.
  • Patches are available in iOS/iPadOS 26.2 and 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2 and Safari 26.2, covering iPhone 11 and newer, recent iPad Pro, iPad Air, iPad and iPad mini models.
  • Because all iOS browsers must use WebKit, the vulnerabilities also affected third‑party browsers such as Chrome on iOS, and exploitation could occur simply by visiting a malicious webpage.

📊 Relevant Data

In 2025, Apple has patched nine zero-day vulnerabilities that were exploited in the wild, including the two recent WebKit flaws.

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild — The Hacker News

Common targets of zero-day spyware attacks, such as those using Pegasus, include journalists, human rights activists, and opposition politicians.

Zero-Click Exploits — Kaspersky

53% of iPhone users have fallen victim to an online scam, compared to 48% of Android users.

iPhone Users More Prone to Scams and Less Conscious about Mobile Security than Android Owners, New Malwarebytes Research Finds — Malwarebytes

iPhone users in the US have a higher average income of approximately $53,251 compared to $37,040 for Android users.

Android vs iOS Statistics 2025: Users, Revenue, and Global Trends — Tekrevol

Black, Hispanic, and Asian adults in the US are more likely than White adults to have lost money to an online scam, with no differences in overall exposure to scams across racial and ethnic groups.

Online Scams and Attacks in America Today — Pew Research Center
