Apple’s Swift Response: Patching Two Critical Zero-Day Flaws Targeted in Sophisticated Cyber Attacks

Apple Releases Emergency Updates to Patch Zero-Day Vulnerabilities


Apple has recently issued emergency updates to address two zero-day vulnerabilities that were exploited in a highly sophisticated attack targeting specific individuals. These vulnerabilities, identified as CVE-2025-43529 and CVE-2025-14174, were promptly patched by Apple in response to the reported exploitation.

“Apple is aware of reports indicating that these vulnerabilities may have been exploited in an extremely sophisticated attack against specific targeted individuals using versions of iOS prior to iOS 26,” stated Apple’s security bulletin.

The first vulnerability, CVE-2025-43529, is a WebKit use-after-free remote code execution flaw that can be exploited through maliciously crafted web content. This flaw was initially discovered by Google’s Threat Analysis Group.

CVE-2025-14174, on the other hand, is a WebKit flaw that could lead to memory corruption. Both Apple and Google’s Threat Analysis Group identified this vulnerability.

Devices affected by these vulnerabilities include iPhone 11 and later models, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (8th generation and later), and iPad mini (5th generation and later).

Apple has addressed these vulnerabilities in iOS 26.2, iPadOS 26.2, iOS 18.7.3, iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2.

Google also recently fixed a zero-day flaw in Google Chrome, initially labeled as “[N/A][466192044] High: Under coordination,” but later identified as “CVE-2025-14174: Out-of-bounds memory access in ANGLE,” aligning with Apple’s coordinated disclosure.

Apple has not disclosed detailed technical information about the attacks, but it is evident that they targeted individuals running older versions of iOS. Both flaws affect WebKit, which Google Chrome also uses on iOS, and this suggests a pattern of highly targeted spyware attacks.

While these vulnerabilities were exploited in specific attacks, users are strongly urged to install the latest security updates promptly to mitigate the risk of potential exploitation.

With these recent fixes, Apple has successfully patched seven zero-day vulnerabilities exploited in 2025, starting with CVE-2025-24085 in January and culminating with CVE-2025-31201 in April. Additionally, Apple backported a fix for CVE-2025-43300 to older devices running iOS 15.8.5 / 16.7.12 and iPadOS 15.8.5 / 16.7.12 in September.
