Apple has issued emergency patches for two critical WebKit zero-day vulnerabilities exploited in targeted, highly sophisticated attacks on specific individuals. These vulnerabilities, tracked as CVE-2025-43529 and CVE-2025-14174, affected various Apple devices and were also addressed by Google Chrome in coordination with Apple. #WebKitVulnerabilities #TargetedAttacks
Key points
- Apple released urgent updates to fix two zero-day vulnerabilities exploited in targeted attacks.
- CVE-2025-43529 is a WebKit use-after-free flaw enabling remote code execution via malicious web content.
- CVE-2025-14174 is a WebKit flaw that could lead to memory corruption.
- Both flaws affected the iPhone 11 and later, iPads, and other Apple products running iOS 26 and iPadOS 26 before the update.
- Google Chrome also fixed the same CVE-2025-14174 vulnerability, indicating coordinated disclosure efforts.