The iOS 26.2 and iPadOS 26.2 updates, released December 12, 2025, address CVE-2025-43529 and CVE-2025-14174 in WebKit. CVE-2025-43529 involves a use-after-free vulnerability enabling arbitrary code execution via malicious web content, discovered by Google Threat Analysis Group.
CVE-2025-14174 is a related memory corruption issue, credited to Apple and Google TAG, with both flaws linked to targeted spyware campaigns.
| CVE ID | Component | Impact | Description | Researcher(s) |
|---|---|---|---|---|
| CVE-2025-43529 | WebKit | Arbitrary code execution | Use-after-free, improved memory management | Google Threat Analysis Group |
| CVE-2025-14174 | WebKit | Memory corruption | Improved validation | Apple & Google TAG |
These flaws affect iPhone 11 and later models, plus specified iPad Pro, Air, and mini variants.
Apple resolved over 30 vulnerabilities across components like Kernel, Foundation, Screen Time, and curl. Notable issues include a Kernel integer overflow (CVE-2025-46285) allowing root privilege escalation, discovered by Alibaba Group researchers, and multiple Screen Time logging flaws exposing Safari history or user data (CVE-2025-46277, CVE-2025-43538).
WebKit saw additional patches for type confusion, buffer overflows, and crashes (e.g., CVE-2025-43541, CVE-2025-43501). Open-source flaws in libarchive (CVE-2025-5918) and curl (CVE-2024-7264, CVE-2025-9086) were also addressed.
| Component | CVE ID | Impact | Key Researcher |
|---|---|---|---|
| Kernel | CVE-2025-46285 | Root privileges | Kaitao Xie, Xiaolong Bai |
| Screen Time | CVE-2025-46277 | Access Safari history | Kirin (@Pwnrin) |
| Messages | CVE-2025-46276 | Access sensitive data | Rosyna Keller |
Impacts span iPhone 11+, iPad Pro 12.9-inch (3rd gen+), iPad Pro 11-inch (1st gen+), iPad Air (3rd gen+), iPad (8th gen+), and iPad mini (5th gen+).
Users should update immediately via Settings > General > Software Update to mitigate risks from these targeted exploits, consistent with patterns seen in prior spyware attacks. Apple notes no details on attackers, but collaboration with Google underscores nation-state-level threats.
| Product | Affected Versions | Patched Version | Compatible Devices |
|---|---|---|---|
| iOS | Before 26.2 (exploited pre-26) | 26.2 | iPhone 11 and later |
| iPadOS | Before 26.2 (exploited pre-26) | 26.2 | iPad Pro 12.9″ (3rd gen+), iPad Pro 11″ (1st gen+), iPad Air (3rd gen+), iPad (8th gen+), iPad mini (5th gen+) |
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users appeared first on Cyber Security News.
Xbox's Elite 3 controller has leaked ahead of its summer showcase event. Earlier today, Xbox's…
Director Matt Reeves has revealed the full cast for The Batman Part II, confirming several…
Looking for a powerful ebike with the speed and range to meet your ambitious needs?…
Marathon is attempting to broaden its playerbase with new offerings, such as a PVE-only mode.…
A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot…
A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaijani oil and…
This website uses cookies.