Apple says it fixed zero-day flaws used for 'sophisticated' attacks

Two bugs in WebKit have been fixed

· TechRadar

News By Sead Fadilpašić published 15 December 2025

(Image credit: Apple)

  • Apple patches two WebKit zero‑days (CVE‑2025‑43529 and CVE‑2025‑14174) used in a highly targeted attack
  • Flaws were jointly uncovered by Google TAG and Apple, with Chrome receiving a parallel fix
  • Updates span iOS, iPadOS, macOS, watchOS, tvOS, visionOS, and Safari, with users urged to patch quickly

Apple fixed two zero-day vulnerabilities exploited in an “extremely sophisticated attack” which, all things considered, could have been a cyber-espionage attack against one, or a handful of, high-profile individuals.

In a new security advisory, Apple said it deployed a patch for a use-after-free remote code execution (RCE) vulnerability in WebKit, as well as a WebKit memory corruption flaw.

WebKit is Apple’s browser engine responsible for rendering web pages. It powers Safari on macOS, iOS, and iPadOS, and is used by all browsers on iPhone and iPad.

Fixes deployed

The two bugs are now tracked as CVE-2025-43529, and CVE-2025-14174.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26," Apple's security bulletin says.

What’s interesting is that both bugs were discovered by Google's Threat Analysis Group (TAG) (Apple also credited itself for the second flaw) - Google’s specialized cybersecurity arm which tracks and monitors primarily state-sponsored threat actors.

It’s also curious that at the same time, Google fixed the bug with the same identifier - CVE-2025-14174 - in Chrome. This suggests the two companies worked together to mitigate the risk, which is not surprising, but also not that common, and could indicate that the exploit was quite severe.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors