Notably, two WebKit vulnerabilities have been confirmed as actively exploited in “extremely sophisticated attacks” targeting specific users of older iOS versions, Apple said.
The most severe vulnerabilities fixed in this update are CVE-2025-43529 and CVE-2025-14174, both affecting WebKit, the browser engine powering Safari and many iOS apps.
According to Apple, processing malicious web content could lead to arbitrary code execution, allowing attackers to compromise devices.
Both vulnerabilities were discovered in collaboration with Google’s Threat Analysis Group (TAG) and were linked to targeted exploitation campaigns against iOS 26 and earlier.
Apple confirmed these issues may have been used in sophisticated attacks against specific individuals, suggesting the flaws could have been part of a zero-day exploitation chain designed for espionage or surveillance.
The company credited Google TAG for its contribution and also referenced CVE-2025-43529 as related to the secondary identifier CVE-2025-14174, indicating overlapping exploitation evidence.
Other WebKit-related bugs, including CVE-2025-43531, CVE-2025-43535, CVE-2025-43536, and CVE-2025-43501, could cause Safari to crash or experience memory corruption when visiting malicious sites.
Apple addressed these issues by improving memory management and bounds checking, reducing the risk of remote code execution or denial-of-service attacks.
Beyond WebKit, Apple resolved a critical kernel issue (CVE-2025-46285) in which a malicious app could gain root privileges due to an integer overflow bug.
The fix involves adopting 64-bit timestamps to prevent privilege escalation exploits. Another serious flaw in the App Store (CVE-2025-46288) could have allowed apps to access sensitive payment tokens, exposing financial data; this issue is now fixed with stricter permission controls.
Other components patched include FaceTime (CVE-2025-43542), which could accidentally expose password fields during remote sessions, and Messages (CVE-2025-46276), where apps could access sensitive user data through information disclosure.
Screen Time, Photos, and Telephony also received updates to address data privacy and logging issues. Apple’s advisory reiterates that details regarding attack methods or victims are withheld pending further investigation.
Users of eligible devices (iPhone 11 and later, and iPad Pro 3rd generation and later) are strongly urged to install the update immediately via Settings > General > Software Update.
The post Active Exploitation of Previously Unknown iPhone Security Flaws Confirmed appeared first on Cyber Security News.