Apple Fixes Zero-Day Flaws Used In ‘Extremely Sophisticated’ Cyber Attacks

Tricia Wei

Apple has rolled out fixes for two zero-day security flaws that were reportedly used in what the company described as an “extremely sophisticated attack.” While the attack appears to have been highly targeted, possibly aimed at one or a small number of high-profile individuals, Apple is urging all users to update their devices as soon as possible.

In a new security advisory, Apple confirmed it patched a use-after-free remote code execution issue in WebKit, along with a separate memory corruption flaw, also in WebKit.

Why WebKit Matters

WebKit is Apple’s web browser engine that handles how web pages are displayed. It powers Safari across macOS, iOS, and iPadOS, and is also used by every browser on iPhone and iPad. That makes vulnerabilities in WebKit especially serious, since they can potentially affect a wide range of apps and devices.

Details of the Fixed Vulnerabilities

The two issues are now tracked as CVE-2025-43529 and CVE-2025-14174.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26,” Apple’s security bulletin says.

Both bugs were discovered by Google’s Threat Analysis Group, with Apple also crediting itself for one of the findings. Google’s TAG team focuses on tracking advanced threats, often linked to state-sponsored actors, which adds weight to how serious these flaws may have been.

Interestingly, Google also fixed the vulnerability linked to CVE-2025-14174 in Chrome around the same time. This suggests close coordination between the two companies and hints that the exploit posed a significant risk.

Devices and Software Versions Affected

The vulnerabilities impact a wide range of Apple devices, including iPhone 11 and newer models and several generations of iPad Pro, iPad Air, iPad, and iPad mini.

The fixes have been released in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2.

Although the average user is unlikely to be directly targeted by attacks like these, Apple and Google both recommend installing the updates right away. Keeping devices up to date remains one of the simplest and most effective ways to stay protected.
