Following confirmation that two previously unknown security flaws had been actively exploited in the wild on Friday, Apple rolled out a series of security updates across its entire software ecosystem to address this issue, further demonstrating the continued use of high-end exploit chains against some targets. This is a major security update that is being released by Apple today across a wide range of iOS, iPadOS, macOS, watchOS, tvOS, visionOS, and the Safari browser. This fix addresses flaws that could have led attackers to execute malicious code in the past using specially crafted web content.
There are a number of vulnerabilities that are reminiscent of one of the ones Google patched earlier this week in Chrome, highlighting cross-platform vulnerability within shared graphics components. A report released by Apple indicated that at least one of the flaws may have been exploited as part of what it described as an "extremely sophisticated attack" targeting individuals who were running older versions of iOS before iOS 26, indicating that rather than an opportunistic abuse, this was a targeted exploitation campaign.
Using a coordinated effort between Apple Security Engineering and Architecture and Google's Threat Analysis Group, the vulnerabilities were identified as CVE-2025-14174, a high severity memory corruption flaw, and as CVE-2025-43529, a use-after-free flaw. The two vulnerabilities were tracked as CVE-2025-43529, a use-after-free bug.
In response to advanced threat activity, major vendors are continuing to collaborate together.
Separately, Apple has released a new round of emergency patches after confirming that two more vulnerabilities have also been exploited in a real-world attack in a separate advisory.
Apple has released a new update to address the flaws that could allow attackers to gain deeper control over their affected devices under carefully crafted conditions, and this update is applicable to iOS, iPadOS, macOS Sequoia, tvOS, and visionOS.
A memory corruption issue in Apple's Core Audio framework has led to an issue named CVE-2025-31200 which could result in arbitrary code execution on a device when it processes a specially designed audio stream embedded within a malicious media file. The second issue is CVE-2025-31201. This flaw affects Apple's RPAC component, which could be exploited by an attacker with existing read and write capabilities in order to bypass the protections for Pointer Authentication.
In an attempt to mitigate the risks, Apple said it strengthened bounds checks and removed the vulnerable code path altogether. According to Apple's engineers, Google's Threat Analysis Group as well as the company's own engineers were the ones who identified the Core Audio vulnerability. According to the company's earlier disclosures, the bugs have been leveraged to launch what it calls "extremely sophisticated" attacks targeting a very specific group of iOS users.
With the latest fix from Apple, the number of zero-day vulnerabilities Apple has patched in the past year has reached five, following earlier updates addressing actively exploited flaws in Core Media, Accessibility, and WebKit—a combination of high-risk issues that indicates a sustained focus by advanced threat actors on Apple's software stack, demonstrating that Apple's software stack has been the target of sophisticated attack actors.
The company claims the vulnerabilities have been addressed across its latest software releases, including iOS 26.2, iOS and iPad OS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2, making sure that both current and legacy platforms are protected from these threats.
Following the disclosure, Google quietly patched a previously undisclosed Chrome zero-day that had been labelled only as a high-severity issue "under coordination" earlier in the week, which was close in nature. After updating its advisory to CVE-2025-14174, Google confirmed that the flaw is an out-of-bounds memory access bug in the ANGLE graphics layer, which was the same issue that was addressed by Apple earlier this week.
It indicates that Google and Apple handled vulnerabilities together in a coordinated manner.
In the absence of further technical insight into the attacks themselves, Apple has refused to provide any further technical information, other than to note that the attacks were directed at a single group of individuals running older versions of iOS prior to iOS 26, which can be correlated with using exploits that are spyware-grade in nature.
Since the problems both originate in WebKit, the browser engine that runs all iOS browsers, including Chrome, the researchers believe the activity represents a narrowly targeted campaign rather than an indiscriminate exploitation of the platform.
Even though Apple emphasised that these attacks were targeted and very specific, the company strongly urged its users to update their operating systems without delay in order to prevent any further damage to their systems.
Apple has patched seven zero-day vulnerabilities during 2025 with these updates.
There have been a number of exploits that have been addressed in the wild throughout the year, from January and February until April, as well as a noteworthy backport that was implemented in September that provided protection against CVE-2025-43300 on older iPhone and iPad models still running iOS or iOSOS 15 and 16.
Apple's platforms have increasingly been discovered to be a high-value target for well-resourced threat actors, with the capability of exploiting browser and system weaknesses in a way that allows them to reach carefully selected victims using a chain of attacks on the platforms.
It is evident that the company's rapid patching cadence, along with coordinated efforts with external researchers, indicates the company's maturing response to advanced exploitation; however, the frequency of zero-day fixes this year highlights the importance of timely updates across all supported devices in order to safeguard consumers.
Specifically, security experts recommend that users, especially those who perform high risk functions like journalists, executives, and public figures, enable automatic updates, limit the amount of untrusted web content they view, and review device security settings in order to reduce potential attack surfaces.
Enterprises that manage Apple hardware at scale should also accelerate patch deployments and keep an eye out for signs of compromise associated with WebKit-based attacks.
A growing number of targeted surveillance tools and commercial spyware continue to emerge, and Apple’s latest fixes serve to remind us of the fact that platform security is more of a process than it is a static guarantee.
For a company to stay ahead of sophisticated adversaries, collaboration, transparency, and user awareness are increasingly critical to ensuring platform security.