Dec 13, 2025Ravie LakshmananZero-Day / Vulnerability
Apple on Friday launched safety updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari internet browser to handle two safety flaws that it stated have been exploited within the wild, one in all which is similar flaw that was patched by Google in Chrome earlier this week.
The vulnerabilities are listed under –
CVE-2025-43529 (CVSS rating: N/A) – A use-after-free vulnerability in WebKit which will result in arbitrary code execution when processing maliciously crafted internet content material
CVE-2025-14174 (CVSS rating: 8.8) – A reminiscence corruption situation in WebKit which will result in reminiscence corruption when processing maliciously crafted internet content material
Apple stated it is conscious that the shortcomings “might have been exploited in a particularly subtle assault towards particular focused people on variations of iOS earlier than iOS 26.”
It is price noting that CVE-2025-14174 is similar vulnerability that Google issued patches for in its Chrome browser on December 10, 2025. It has been described by the tech big as an out-of-bounds reminiscence entry within the firm’s open-source Virtually Native Graphics Layer Engine (ANGLE) library, particularly in its Steel renderer.
Apple Safety Engineering and Structure (SEAR) and Google Menace Evaluation Group (TAG) have been credited with discovering and reporting the flaw, whereas Apple credited TAG with discovering CVE-2025-43529.
This means that the vulnerabilities had been seemingly weaponized in highly-targeted mercenary spyware and adware assaults, on condition that they each have an effect on WebKit, the rendering engine that is additionally utilized in all third-party internet browsers on iOS and iPadOS, together with Chrome, Microsoft Edge, Mozilla Firefox, and others.
The failings have been addressed within the following variations and gadgets –
iOS 26.2 and iPadOS 26.2 – iPhone 11 and later, iPad Professional 12.9-inch third era and later, iPad Professional 11-inch 1st era and later, iPad Air third era and later, iPad eighth era and later, and iPad mini fifth era and later
iOS 18.7.3 and iPadOS 18.7.3 – iPhone XS and later, iPad Professional 13-inch, iPad Professional 12.9-inch third era and later, iPad Professional 11-inch 1st era and later, iPad Air third era and later, iPad seventh era and later, and iPad mini fifth era and later
macOS Tahoe 26.2 – Macs working macOS Tahoe
tvOS 26.2 – Apple TV HD and Apple TV 4K (all fashions)
watchOS 26.2 – Apple Watch Sequence 6 and later
visionOS 26.2 – Apple Imaginative and prescient Professional (all fashions)
Safari 26.2 – Macs working macOS Sonoma and macOS Sequoia
With these updates, Apple has now patched 9 zero-day vulnerabilities that had been exploited within the wild in 2025, together with CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, CVE-2025-43200, and CVE-2025-43300.
