Apple pushed emergency security updates after two actively exploited zero-day flaws were found in WebKit, the browser engine that powers Safari and all iOS browsers. The company called the incident an “extremely sophisticated attack” targeting “specific targeted individuals,” and the fixes arrive amid ongoing concerns about spyware-style intrusions. These bugs could be triggered simply by visiting a malicious webpage, which makes the updates urgent for anyone running iOS, iPadOS or macOS.
The two tracked issues are CVE-2025-43529 and CVE-2025-14174, and Apple confirmed both were used in the same real-world operations. CVE-2025-43529 is a WebKit use-after-free vulnerability that can lead to arbitrary code execution when crafted web content is processed incorrectly. CVE-2025-14174 involves memory corruption within WebKit and can be chained with other flaws to achieve deeper compromise.
Google’s Threat Analysis Group is credited with finding the first issue, and the second was discovered jointly by Apple and the same team, which often points to sophisticated actors and not simple opportunistic criminals. Apple acknowledged reports of active exploitation, language the company reserves for confirmed attacks rather than theoretical holes. To patch these problems, Apple applied improvements to memory management and added stricter validation checks without releasing exploit-ready technical details.
The practical risk is straightforward: many WebKit attacks begin on the web. A malicious site or a link embedded in a message can be enough to trigger an exploit, so treating unknown links with suspicion matters more than ever. If a device is running older software, that window is exactly what attackers need, so keeping systems current is the most effective defense.
Install the emergency update as soon as you can and enable automatic updates across iOS, iPadOS, macOS and Safari to reduce the chance of missing critical fixes. Delaying updates is the single most common reason devices remain vulnerable, and automatic updates close that gap for people who travel or just forget. For high-risk users, immediate manual updating is the right call until you’re confident devices are fully patched.
Avoid tapping on unexpected links sent over SMS, messaging apps or email unless you verified the sender and content, because many WebKit-based exploits rely on tricking someone into opening a page. If a message seems odd, wait and type the site address yourself later or verify through a different channel. Reducing click-throughs cuts off a primary infection route used in these targeted campaigns.
People who handle sensitive information should consider narrowing their browser and extension usage to reduce exposure. Using Safari only, removing unnecessary extensions, and avoiding opening links directly inside messaging apps lowers the attack surface and can make exploitation harder. Apple’s Lockdown Mode is also an available tool that disables web features and message attachments commonly abused in targeted attacks, though it is deliberately restrictive.
Antivirus tools and threat detection on all devices add another layer of defense by flagging suspicious downloads and phishing attempts before they run. These tools cannot stop every zero-day, but they help detect follow-on activity and reduce the chance of a silent compromise. For anyone worried about personal data, professional data removal services can also lower visibility by systematically clearing information from broker sites and public listings.
Be alert for subtle signs that something may be wrong: unexpected crashes, sudden battery drain, overheating, or Safari closing on its own can be red flags, though they are not proof of an infection by themselves. If you see consistent, unexplained behavior, update immediately and consider a full device reset after backing up important data. Staying cautious and acting fast when odd symptoms appear reduces the time attackers have to operate.
Apple has patched seven zero-day vulnerabilities that were exploited in the wild so far this year, including fixes provided earlier and updates backported for older devices. While Apple has not named who was targeted or exactly how the attacks were delivered, the pattern matches previous spyware campaigns that focused on journalists, activists and other high-value individuals. If you fall into a category that handles sensitive reporting or advocacy, take an extra moment to confirm your devices are fully updated and locked down.
