Apple on Friday launched security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari net browser to handle two security flaws that it mentioned have been exploited within the wild, one in every of which is identical flaw that was patched by Google in Chrome earlier this week.
The vulnerabilities are listed beneath –
- CVE-2025-43529 (CVSS rating: N/A) – A use-after-free vulnerability in WebKit which will result in arbitrary code execution when processing maliciously crafted net content material
- CVE-2025-14174 (CVSS rating: 8.8) – A reminiscence corruption problem in WebKit which will result in reminiscence corruption when processing maliciously crafted net content material
Apple mentioned it is conscious that the shortcomings “could have been exploited in a particularly subtle assault towards particular focused people on variations of iOS earlier than iOS 26.”
It is price noting that CVE-2025-14174 is identical vulnerability that Google issued patches for in its Chrome browser on December 10, 2025. It has been described by the tech large as an out-of-bounds reminiscence entry within the firm’s open-source Nearly Native Graphics Layer Engine (ANGLE) library, particularly in its Steel renderer.
Apple Safety Engineering and Structure (SEAR) and Google Menace Evaluation Group (TAG) have been credited with discovering and reporting the flaw, whereas Apple credited TAG with discovering CVE-2025-43529.
This means that the vulnerabilities had been doubtless weaponized in highly-targeted mercenary adware assaults, provided that they each have an effect on WebKit, the rendering engine that is additionally utilized in all third-party net browsers on iOS and iPadOS, together with Chrome, Microsoft Edge, Mozilla Firefox, and others.
The issues have been addressed within the following variations and units –
- iOS 26.2 and iPadOS 26.2 – iPhone 11 and later, iPad Professional 12.9-inch third technology and later, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad eighth technology and later, and iPad mini fifth technology and later
- iOS 18.7.3 and iPadOS 18.7.3 – iPhone XS and later, iPad Professional 13-inch, iPad Professional 12.9-inch third technology and later, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad seventh technology and later, and iPad mini fifth technology and later
- macOS Tahoe 26.2 – Macs working macOS Tahoe
- tvOS 26.2 – Apple TV HD and Apple TV 4K (all fashions)
- watchOS 26.2 – Apple Watch Collection 6 and later
- visionOS 26.2 – Apple Imaginative and prescient Professional (all fashions)
- Safari 26.2 – Macs working macOS Sonoma and macOS Sequoia
With these updates, Apple has now patched 9 zero-day vulnerabilities that had been exploited within the wild in 2025, together with CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, CVE-2025-43200, and CVE-2025-43300.
