Apple on Friday launched safety updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari internet browser to handle two safety flaws that it mentioned have been exploited within the wild, certainly one of which is identical flaw that was patched by Google in Chrome earlier this week.
The vulnerabilities are listed under –
- CVE-2025-43529 (CVSS rating: N/A) – A use-after-free vulnerability in WebKit that will result in arbitrary code execution when processing maliciously crafted internet content material
- CVE-2025-14174 (CVSS rating: 8.8) – A reminiscence corruption subject in WebKit that will result in reminiscence corruption when processing maliciously crafted internet content material
Apple mentioned it is conscious that the shortcomings “could have been exploited in an especially refined assault towards particular focused people on variations of iOS earlier than iOS 26.”
It is price noting that CVE-2025-14174 is the identical vulnerability that Google issued patches for in its Chrome browser on December 10, 2025. It has been described by the tech big as an out-of-bounds reminiscence entry within the firm’s open-source Nearly Native Graphics Layer Engine (ANGLE) library, particularly in its Metallic renderer.
Apple Safety Engineering and Structure (SEAR) and Google Risk Evaluation Group (TAG) have been credited with discovering and reporting the flaw, whereas Apple credited TAG with discovering CVE-2025-43529.
This means that the vulnerabilities had been doubtless weaponized in highly-targeted mercenary spy ware assaults, on condition that they each have an effect on WebKit, the rendering engine that is additionally utilized in all third-party internet browsers on iOS and iPadOS, together with Chrome, Microsoft Edge, Mozilla Firefox, and others.
The failings have been addressed within the following variations and units –
- iOS 26.2 and iPadOS 26.2 – iPhone 11 and later, iPad Professional 12.9-inch third era and later, iPad Professional 11-inch 1st era and later, iPad Air third era and later, iPad eighth era and later, and iPad mini fifth era and later
- iOS 18.7.3 and iPadOS 18.7.3 – iPhone XS and later, iPad Professional 13-inch, iPad Professional 12.9-inch third era and later, iPad Professional 11-inch 1st era and later, iPad Air third era and later, iPad seventh era and later, and iPad mini fifth era and later
- macOS Tahoe 26.2 – Macs operating macOS Tahoe
- tvOS 26.2 – Apple TV HD and Apple TV 4K (all fashions)
- watchOS 26.2 – Apple Watch Collection 6 and later
- visionOS 26.2 – Apple Imaginative and prescient Professional (all fashions)
- Safari 26.2 – Macs operating macOS Sonoma and macOS Sequoia
With these updates, Apple has now patched 9 zero-day vulnerabilities that had been exploited within the wild in 2025, together with CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, CVE-2025-43200, and CVE-2025-43300.
