iOS under attack: Apple issues emergency fix for exploited zero-day bugs
Apple has released emergency security updates for iOS and other operating systems to patch actively exploited zero-day vulnerabilities. Update immediately.
Apple has released emergency security updates to address actively exploited zero-day vulnerabilities in iOS and other operating systems. The company described the attacks as sophisticated, targeting specific individuals, especially those using older iOS versions rather than the latest iOS 26.
The vulnerabilities are located in WebKit, the browser engine used by all Apple devices. Apple rolled out the patches after confirming that these flaws were actively being exploited in real-world attacks using a combined attack chain.
One of the flaws, CVE-2025-43529, is a remote code execution vulnerability caused by a use-after-free error. This vulnerability can be triggered by maliciously crafted web content and was discovered by Google’s Threat Analysis Group.
The second vulnerability, CVE-2025-14174, involves memory corruption and was jointly identified by researchers at Google and Apple.
Interestingly, these vulnerabilities appear connected to a zero-day flaw recently patched by Google in Chrome. Initially tracked internally under code 466192044 without a CVE number, it was later assigned CVE-2025-14174, the same identifier now used for the WebKit flaw that Apple has addressed.
Security experts are urging users to update their devices immediately to mitigate these risks. A security manager at Jamf, a mobile device management company, recommends manually installing the fix by going to Settings > General > Software Update. They also advise against relying on pop-ups or links for updates, and urge caution about depending solely on automatic updates immediately after a patch is released.
Apple has confirmed that these vulnerabilities have been resolved in iOS 26.2, iPadOS 26.2, iOS 18.7.3, iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2.
Given that WebKit is used throughout the Apple ecosystem, users should update all their devices, including iPhones, iPads, Macs, Apple Watches, and Apple TVs.
The recent discovery of these back-to-back zero-day flaws highlights the importance of keeping operating systems, browsers, and apps updated to the latest versions to minimize the risk of exploitation.
Users might also consider running additional security scans using reputable anti-malware software for Mac devices.
Cybersecurity experts emphasize that each new zero-day vulnerability serves as a clear signal to update all devices immediately for safety.