Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Posted on By CWS

Jul 30, 2025Ravie LakshmananVulnerability / Zero-Day
Apple on Tuesday launched safety updates for its complete software program portfolio, together with a repair for a vulnerability that Google stated was exploited as a zero-day within the Chrome internet browser earlier this month.
The vulnerability, tracked as CVE-2025-6558 (CVSS rating: 8.8), is an incorrect validation of untrusted enter within the browser’s ANGLE and GPU parts that would end in a sandbox escape through a crafted HTML web page.
Whereas there are not any particulars on how the difficulty has been weaponized by menace actors, Google acknowledged that an “exploit for CVE-2025-6558 exists within the wild.” Clément Lecigne and Vlad Stolyarov of Google’s Menace Evaluation Group (TAG) have been credited with discovering and reporting the shortcoming.
The iPhone maker, in its newest spherical of software program updates, additionally included patches for CVE-2025-6558, stating the vulnerability impacts the WebKit browser engine that powers its Safari browser.

“This can be a vulnerability in open-source code and Apple Software program is among the many affected initiatives,” the corporate stated in an advisory, including it may very well be exploited to end in an surprising crash of Safari when processing maliciously crafted internet content material.
The bug has been addressed within the following variations –

iOS 18.6 and iPadOS 18.6 – iPhone XS and later, iPad Professional 13-inch, iPad Professional 12.9-inch third era and later, iPad Professional 11-inch 1st era and later, iPad Air third era and later, iPad seventh era and later, and iPad mini fifth era and later
iPadOS 17.7.9 – iPad Professional 12.9-inch 2nd era, iPad Professional 10.5-inch, and iPad sixth era
macOS Sequoia 15.6 – Macs operating macOS Sequoia
tvOS 18.6 – Apple TV HD and Apple TV 4K (all fashions)
watchOS 11.6 – Apple Watch Collection 6 and later
visionOS 2.6 – Apple Imaginative and prescient Professional

Whereas there isn’t a proof that the vulnerability has been used to focus on Apple gadget customers, it is all the time observe to replace to the most recent variations of the software program for optimum safety.

The Hacker News Tags:, , , , , , ,

Related Posts

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services The Hacker News
Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms The Hacker News
U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks The Hacker News
Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub The Hacker News
Veeam Fixes Critical Flaws in Backup Software Veeam Fixes Critical Flaws in Backup Software The Hacker News
Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack The Hacker News