Apple has issued emergency security updates after confirming that two previously unknown software flaws were exploited in highly targeted attacks against iPhone and iPad users.
The vulnerabilities, tracked as CVE-2025-43529 and CVE-2025-14174, were used in what Apple described as an “extremely sophisticated attack” aimed at a small number of individuals running older versions of iOS. Apple said it is aware of real-world exploitation and urged users to update immediately.
Both flaws affect WebKit, the browser engine used by Safari and all other browsers on iOS. One of the bugs could allow attackers to execute malicious code simply by getting a victim to load specially crafted web content, while the other could cause memory corruption that may also lead to device compromise.
The security issues impact a wide range of devices, including iPhone 11 and newer models, several generations of iPad Pro, iPad Air, standard iPads, and iPad mini devices. Apple has already released fixes across its platforms, including iOS and iPadOS, macOS Tahoe, watchOS, tvOS, visionOS, and Safari.
Google also patched the same vulnerability in Chrome earlier this week, later confirming it was the same flaw addressed by Apple. This coordination between Apple and Google suggests the attacks were carefully planned and likely involved advanced spyware techniques.
Apple has not shared technical details about the attacks or the identities of those targeted, but said the exploitation was limited and highly focused. Despite this, security experts recommend that all users install the latest updates as soon as possible to reduce any risk.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
So far in 2025, Apple has patched seven zero-day vulnerabilities that were actively exploited, underscoring the growing threat posed by advanced cyberattacks targeting everyday devices.
