Apple patches two WebKit zero-day flaws actively exploited in sophisticated attacks targeting specific iPhone users running iOS versions prior to 26.
The iOS 26.2 and iPadOS 26.2 updates, released December 12, 2025, address CVE-2025-43529 and CVE-2025-14174 in WebKit. CVE-2025-43529 involves a use-after-free vulnerability enabling arbitrary code execution via malicious web content, discovered by Google Threat Analysis Group.
CVE-2025-14174 is a related memory corruption issue, credited to Apple and Google TAG, with both flaws linked to targeted spyware campaigns.
CVE IDComponentImpactDescriptionResearcher(s)CVE-2025-43529WebKitArbitrary code executionUse-after-free, improved memory managementGoogle Threat Analysis Group CVE-2025-14174WebKitMemory corruptionImproved validationApple & Google TAG
These flaws affect iPhone 11 and later models, plus specified iPad Pro, Air, and mini variants.
Other Critical Fixes
Apple resolved over 30 vulnerabilities across components like Kernel, Foundation, Screen Time, and curl. Notable issues include a Kernel integer overflow (CVE-2025-46285) allowing root privilege escalation, discovered by Alibaba Group researchers, and multiple Screen Time logging flaws exposing Safari history or user data (CVE-2025-46277, CVE-2025-43538).
WebKit saw additional patches for type confusion, buffer overflows, and crashes (e.g., CVE-2025-43541, CVE-2025-43501). Open-source flaws in libarchive (CVE-2025-5918) and curl (CVE-2024-7264, CVE-2025-9086) were also addressed.
ComponentCVE IDImpactKey ResearcherKernelCVE-2025-46285Root privilegesKaitao Xie, Xiaolong Bai Screen TimeCVE-2025-46277Access Safari historyKirin (@Pwnrin)MessagesCVE-2025-46276Access sensitive dataRosyna Keller
Affected Devices and Mitigation
Impacts span iPhone 11+, iPad Pro 12.9-inch (3rd gen+), iPad Pro 11-inch (1st gen+), iPad Air (3rd gen+), iPad (8th gen+), and iPad mini (5th gen+).
Users should update immediately via Settings > General > Software Update to mitigate risks from these targeted exploits, consistent with patterns seen in prior spyware attacks. Apple notes no details on attackers, but collaboration with Google underscores nation-state-level threats.
ProductAffected VersionsPatched VersionCompatible DevicesiOSBefore 26.2 (exploited pre-26)26.2iPhone 11 and lateriPadOSBefore 26.2 (exploited pre-26)26.2iPad Pro 12.9″ (3rd gen+), iPad Pro 11″ (1st gen+), iPad Air (3rd gen+), iPad (8th gen+), iPad mini (5th gen+)
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users appeared first on Cyber Security News.
