Apple Patches Two Zero-Day Vulnerabilities Actively Exploited in Targeted Attacks

CyberDefender 4 mins0

Apple has released urgent security updates to address two zero-day vulnerabilities that were actively exploited in targeted attacks. Because these flaws were abused before patches were available, they represent a high-risk scenario—particularly for users who may be specifically targeted by advanced threat actors.

What Was Affected?

Both vulnerabilities reside in WebKit, the browser engine that powers Safari and all browsers on iOS and iPadOS. This makes the issue especially serious: a single WebKit flaw can impact every browser on Apple mobile platforms, not just Safari.

If successfully exploited, these bugs could allow an attacker to:

  • Execute malicious code remotely
  • Corrupt system memory
  • Compromise a device simply by luring a user to a malicious webpage

No additional interaction beyond visiting the page may be required.

Vulnerability Overview

Apple patched two high-severity zero-day flaws:

  • CVE-2025-43529 – A use-after-free vulnerability that could allow arbitrary code execution.
  • CVE-2025-14174 – A memory corruption issue exploitable through specially crafted web content.

Both vulnerabilities were confirmed to have been used in real-world attacks prior to disclosure, significantly raising their threat level.

Affected Devices

Any Apple device capable of rendering WebKit content was potentially exposed before patching, including:

  • iPhones (iPhone 11 and newer)
  • iPads (multiple recent generations)
  • Apple Watch
  • Apple TV
  • macOS systems
  • visionOS devices

In short, if the device loads web content via WebKit, it was in scope.

Nature of the Attacks

Apple stated that exploitation was highly targeted, not widespread. This strongly suggests the vulnerabilities were used in:

  • Surveillance or spyware operations
  • Targeted intrusions against high-value individuals
  • Sophisticated campaigns rather than opportunistic attacks

The involvement of advanced security researchers in the discovery further indicates a capable and well-resourced adversary.

What You Should Do Now

Immediate action is critical.

Update all devices immediately
Install the latest versions of:

  • iOS / iPadOS 26.2
  • macOS 26.2
  • watchOS 26.2
  • tvOS 26.2
  • visionOS 26.2

Additional security best practices

  • Avoid clicking links from unknown or untrusted sources
  • Enable Lockdown Mode for users at elevated risk
  • Watch for abnormal device behavior, crashes, or browser instability
  • Ensure enterprise and MDM-managed devices are fully patched

Why This Matters

Zero-day vulnerabilities are among the most dangerous threats in cybersecurity. They remove the defender’s advantage by exploiting flaws before fixes exist, often leaving detection as the only line of defense.

This incident reinforces a key lesson:

Browsers remain one of the most critical and heavily targeted attack surfaces on modern devices.

Rapid patching, layered security controls, and strong user awareness remain essential—no matter how secure the platform is perceived to be.

CyberDefender