According to Apple’s support documentation, the attacks were described as “sophisticated” and targeted specific individuals - particularly users who are still running older versions of iOS rather than the latest iOS 26.

ios shutterstock
Apple recommends all iPhone users update their operating system immediately to stay protected against two newly discovered flaws. Photo: Shutterstock

Both vulnerabilities are linked to WebKit - the browser engine that powers all Apple devices. The patches were rolled out after confirmed real-world exploitation via a combined attack chain.

The first flaw, CVE-2025-43529, is a remote code execution vulnerability classified as a use-after-free error. It can be triggered by maliciously crafted web content. This flaw was discovered by Google’s Threat Analysis Group.

The second, CVE-2025-14174, is a memory corruption issue jointly identified by researchers from both Google and Apple.

Notably, these vulnerabilities appear to be related to another zero-day flaw that Google recently patched in Chrome. Initially tracked internally under code 466192044 without a CVE number, it was deemed highly critical. It was later assigned CVE-2025-14174 - the same identifier now applied to the WebKit flaw Apple just addressed.

To mitigate these risks, cybersecurity experts urge users to update their devices immediately. A security manager at JAMF, a mobile device management firm, advised users to navigate to Settings > General > Software Update to install the fix manually. They also emphasized not to rely on pop-ups or links for updates and to avoid depending solely on automatic updates in the initial days after a patch release.

Apple confirmed that the vulnerabilities have been addressed in the following OS versions: iOS 26.2, iPadOS 26.2, iOS 18.7.3, iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2.

Since WebKit is used across the entire Apple ecosystem, users are advised to update all devices - from iPhones and iPads to Macs, Apple Watches, and Apple TVs.

The rapid discovery of back-to-back zero-day flaws is a stark reminder of the importance of keeping your operating system, browsers, and apps updated to their latest versions to reduce the risk of exploitation.

Users can also consider running supplemental security scans with reputable anti-malware software for Mac devices.

According to cybersecurity experts, every new zero-day vulnerability is a clear signal that it’s time to update all your devices immediately for safety.

Du Lam