Time to update your iPhone — Apple patches two iOS zero days used in the wild by hackers
It appears that Apple users are being affected by the same WebKit bug that affected Chrome users last week The iPhone maker has issued an emergency security update to protect users against two zero-day flaws that are being actively exploited by hackers. The attacks, which have been referred to as ‘sophisticated’ in an Apple support document, are targeting specific individuals; in this case, those still running older versions of iOS instead of iOS 26.
Both flaws affect WebKit and these new fixes were issued in response to the same reported exploitation. The first vulnerability (tracked as CVE-2025-43529) is a use-after-free remote code execution flaw. It’s exploited by processing maliciously crafted web content and was discovered by Google’s Threat Analysis Group. The second vulnerability (tracked as CVE-2025-14174) is a memory corruption flaw that was discovered by both Google’s Threat Analysis Group and Apple.
These bugs appear to be somewhat related to the zero-day flaw that Google just patched last week. It was tracked as 466192044 and didn’t initially have a CVE (Common Vulnerabilities and Exposures) umber but was considered to be a high severity flaw. That bug is now referred to as CVE-2025-14174 which is an out of bounds memory access in ANGLE – and is the same CVE number as above.
How to stay safe against mobile threats
Basically, you need to be keep your devices updated with the latest patches to ensure they’re protected. A security manager we spoke to at JAMF, recommends doing so immediately by going to Settings > General > Software Update and added that users should absolutely “avoid updating via links or pop ups, and do not rely on auto updates alone in the first days after a patch is released.”
Apple has said that the flaws have been fixed in the iOS versions listed below. So, the company is encouraging all users to update their iPhones in order to stay protected against any attacks leveraging these flaws. This highlights the importance of keeping your operating system (as well as your browser and apps) up to date in order to keep any holes closed that attackers could use to breach your devices.
We also recommend using news likes this as the perfect opportunity to run a security scan. There are plenty of Mac antivirus software options out there to protect you online and this is a great way to add an extra layer of protection to Apple’s built-in defenses. However, only Intego’s Mac antivirus can scan your iPhone or iPad for malware but they will need to be connected to your Apple Computer via a USB cable to do so.
- iOS 26.2
- iPadOS 26.2
- iOS 18.7.3
- iPadOS 18.7.3
- macOS Tahoe 26.2
- tvOS 26.2
- watchOS 26.2
- visionOS 26.2
- Safari 26.2
Given that WebKit is used on all of Apple’s devices though, you’re going to want to update your Mac, Apple Watch, Apple TV and basically every other product you have from the company. However, after a new zero-day is discovered, it’s usually best to take that as a sign that it’s time to update all of your devices anyways.
Follow Tom’s Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
More from Tom’s Guide
Source: www.tomsguide.com
Published: 2025-12-15 23:37:00
Tags:
This article was automatically curated from public sources. For full details, visit the original source link above.