Apple has patched two critical iOS vulnerabilities that were actively exploited in highly targeted cyberattacks against specific users, attacks the company described as “extremely sophisticated.” These incidents represent one of the most serious cybersecurity threats to iPhones in recent months.
Zero-Day Exploits
The two vulnerabilities are zero-day, meaning attackers were aware of them before any security update was available. This allowed their use in targeted attacks linked to advanced spyware, rather than random attempts to steal passwords or compromise financial apps.
WebKit Vulnerabilities
Both flaws involve WebKit, the engine powering Safari and all other browsers on iOS due to Apple’s mandatory use policy. Users could be compromised simply by visiting a malicious website, without additional interaction.
CVE-2025-43529: Allows remote code execution via a memory management flaw in WebKit.
CVE-2025-14174: Discovered jointly by Apple and Google’s Threat Analysis team.
Apple and Google have withheld technical details to prevent further exploitation.
Security Updates Across Apple Platforms
Apple released patches across its ecosystem, including:
iOS 26.2, iPadOS 26.2, iOS 18.7.3
macOS Tahoe 26.2, watchOS, tvOS, visionOS
Safari browser update
Because all iOS browsers rely on WebKit, apps like Google Chrome on iPhone were also affected.
How to Protect Yourself
Apple recommends:
Install updates immediately and enable automatic updates.
Exercise caution with links, especially from unexpected emails or messages.
Use security apps that detect phishing and malware.
Enable Lockdown Mode if you are a user at higher risk; it limits attachments, FaceTime from unknown contacts, and data transfer via charging ports.
Monitor for unusual behavior such as rapid battery drain, overheating, or frequent Safari crashes.
Reduce personal data shared online to lower the risk of targeting.
Al-Arabiya