Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users

Updated on 14 Dec 2025 Category: Technology • Author: Scoopliner Editorial Team
Apple has released updates to address two actively exploited zero-day vulnerabilities in WebKit that were used in attacks targeting iPhone users. Update your devices immediately.


Apple has released security patches to address two actively exploited zero-day vulnerabilities in WebKit, the browser engine used by Safari and other apps. These flaws were used in sophisticated attacks specifically targeting iPhone users running iOS versions prior to 26.

The updates, iOS 26.2 and iPadOS 26.2, were released on December 12, 2025, and fix CVE-2025-43529 and CVE-2025-14174, both located in WebKit. Google's Threat Analysis Group (TAG) discovered CVE-2025-43529, a use-after-free vulnerability that could allow arbitrary code execution when processing malicious web content.

CVE-2025-14174 is a memory corruption issue. Apple and Google TAG are jointly credited with its discovery. Both vulnerabilities have been linked to targeted spyware campaigns.

These security flaws affect iPhone 11 and later models, as well as specific iPad Pro, iPad Air, and iPad mini models.

Other Important Fixes

In addition to the WebKit flaws, Apple's updates include fixes for over 30 other vulnerabilities across various system components, including the Kernel, Foundation, Screen Time, and curl. A notable Kernel integer overflow vulnerability (CVE-2025-46285), discovered by researchers at Alibaba Group, could allow an attacker to gain root privileges. Several Screen Time logging flaws (CVE-2025-46277, CVE-2025-43538) that could expose Safari history or other user data were also patched.

WebKit received additional patches for issues such as type confusion, buffer overflows, and crashes (CVE-2025-43541, CVE-2025-43501, among others). The updates also address open-source vulnerabilities in libarchive (CVE-2025-5918) and curl (CVE-2024-7264, CVE-2025-9086).

Affected Devices and How to Update

The updates are crucial for users of iPhone 11 and later, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (8th generation and later), and iPad mini (5th generation and later).

Users are strongly advised to update their devices immediately through the Settings app.

Source: CybersecurityNews   •   14 Dec 2025
