The iOS 26.2 and iPadOS 26.2 updates, released December 12, 2025, address CVE-2025-43529 and CVE-2025-14174 in WebKit. CVE-2025-43529 involves a use-after-free vulnerability enabling arbitrary code execution via malicious web content, discovered by Google Threat Analysis Group.
CVE-2025-14174 is a related memory corruption issue, credited to Apple and Google TAG, with both flaws linked to targeted spyware campaigns.
| CVE ID | Component | Impact | Description | Researcher(s) |
|---|---|---|---|---|
| CVE-2025-43529 | WebKit | Arbitrary code execution | Use-after-free, improved memory management | Google Threat Analysis Group |
| CVE-2025-14174 | WebKit | Memory corruption | Improved validation | Apple & Google TAG |
These flaws affect iPhone 11 and later models, plus specified iPad Pro, Air, and mini variants.
Apple resolved over 30 vulnerabilities across components like Kernel, Foundation, Screen Time, and curl. Notable issues include a Kernel integer overflow (CVE-2025-46285) allowing root privilege escalation, discovered by Alibaba Group researchers, and multiple Screen Time logging flaws exposing Safari history or user data (CVE-2025-46277, CVE-2025-43538).
WebKit saw additional patches for type confusion, buffer overflows, and crashes (e.g., CVE-2025-43541, CVE-2025-43501). Open-source flaws in libarchive (CVE-2025-5918) and curl (CVE-2024-7264, CVE-2025-9086) were also addressed.
| Component | CVE ID | Impact | Key Researcher |
|---|---|---|---|
| Kernel | CVE-2025-46285 | Root privileges | Kaitao Xie, Xiaolong Bai |
| Screen Time | CVE-2025-46277 | Access Safari history | Kirin (@Pwnrin) |
| Messages | CVE-2025-46276 | Access sensitive data | Rosyna Keller |
Impacts span iPhone 11+, iPad Pro 12.9-inch (3rd gen+), iPad Pro 11-inch (1st gen+), iPad Air (3rd gen+), iPad (8th gen+), and iPad mini (5th gen+).
Users should update immediately via Settings > General > Software Update to mitigate risks from these targeted exploits, consistent with patterns seen in prior spyware attacks. Apple notes no details on attackers, but collaboration with Google underscores nation-state-level threats.
| Product | Affected Versions | Patched Version | Compatible Devices |
|---|---|---|---|
| iOS | Before 26.2 (exploited pre-26) | 26.2 | iPhone 11 and later |
| iPadOS | Before 26.2 (exploited pre-26) | 26.2 | iPad Pro 12.9″ (3rd gen+), iPad Pro 11″ (1st gen+), iPad Air (3rd gen+), iPad (8th gen+), iPad mini (5th gen+) |
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users appeared first on Cyber Security News.
Leon Kennedy, one of the game’s protagonists. Resident Evil turns 30 this year. The series…
Leon Kennedy, one of the game’s protagonists. Resident Evil turns 30 this year. The series…
This is The Stepback, a weekly newsletter breaking down one essential story from the tech…
This is The Stepback, a weekly newsletter breaking down one essential story from the tech…
There's never been a better time to add facial recognition to everything! The public at…
LEGO staggers its announcements for upcoming sets, so I don’t blame you if you’re not…
This website uses cookies.