Apple on Tuesday released patches for dozens of vulnerabilities across its mobile and desktop operating systems, including fixes for a bug exploited in the wild.
Tracked as CVE-2025-6558, the exploited flaw was disclosed in mid-July, when Google patched it in Chrome, crediting its Threat Analysis Group for reporting it and warning that it had been targeted in attacks as a zero-day.
The security defect is described as an insufficient validation of untrusted input in Chrome’s ANGLE and GPU graphics components that can be exploited remotely using crafted HTML pages to escape the browser’s sandbox.
One week after Google rolled out a Chrome 138 update to resolve the bug, the US cybersecurity agency CISA added it to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to resolve it by August 12.
There still do not appear to be any public reports describing attacks involving the exploitation of CVE-2025-6558.
Apple’s fresh round of iOS and macOS security updates includes fixes for CVE-2025-6558, which impacts WebKit and could lead to a Safari crash when visiting a page containing malicious content. There does not appear to be any evidence that the vulnerability has been exploited against Safari users.
“This is a vulnerability in open source code and Apple Software is among the affected projects,” Apple explained.
In total, the Cupertino-based company rolled out patches for 13 security defects in WebKit, warning that they could be exploited to perform XSS attacks, leak sensitive user information, cause memory corruption, crash Safari, or cause a denial-of-service (DoS) condition.
While WebKit received the largest number of fixes, other Apple platform components got patched against a fair share of flaws too, including AppleMobileFileIntegrity, Model I/O, and PackageKit.
According to Jamf VP Josh Stein, another newly patched Apple vulnerability worth mentioning is CVE-2025-43223. Impacting the CFNetwork component of both macOS and iOS, it allows non-privileged users to modify restricted network settings.
“Apple’s CFNetwork is the framework that handles network communication, including HTTP, HTTPS, and other protocols. Therefore, any vulnerability in the framework poses significant security risks,” Stein told SecurityWeek.
Apple fixed 87 CVEs with the fresh macOS Sequoia 15.6 update, and included patches for 29 security defects in the newly rolled out iOS 18.6 and iPadOS 18.6 updates.
macOS Sonoma 14.7.7 was released with fixes for 50 bugs, macOS Ventura 13.7.7 with patches for 41 issues, iPadOS 17.7.9 addressed 19 flaws, watchOS 11.6 resolved 21, while tvOS 18.6 and visionOS 2.6 fixed 24 each.
Users are advised to update their mobile, desktop, and wearable devices as soon as possible. Additional information on the resolved vulnerabilities can be found on Apple’s security releases page.