Apple has rolled out urgent security updates to fix a high-severity vulnerability that’s already being used in real-world attacks, primarily targeting Google Chrome users.
The flaw, identified as CVE-2025-6558, affects the ANGLE (Almost Native Graphics Layer Engine) project — an open-source graphics layer that translates GPU commands across platforms like Direct3D, Metal, Vulkan, and OpenGL. This graphics engine is widely used in web browsers, including Chrome and Safari.
According to Google’s Threat Analysis Group (TAG), which discovered the flaw in June, the bug results from improper handling of untrusted input. Hackers can exploit this vulnerability by luring users to visit a malicious HTML page. Once triggered, it allows attackers to run code inside the browser’s GPU process, potentially giving them a way to break out of the browser’s sandbox and access the system more directly.
Google patched the flaw in Chrome on July 15, tagging it as a zero-day vulnerability already being used in active attacks. While specific details about the campaigns are still unknown, Google TAG has a long history of uncovering attacks tied to state-backed hackers that target journalists, activists, and political figures.
On Tuesday, Apple followed suit, releasing patches for a range of its devices to address the same vulnerability, which could also impact Safari and other web content rendered via WebKit. The updates are available for:
- iOS 18.6 and iPadOS 18.6 – covering iPhone XS and newer, as well as various iPads
- macOS Sequoia 15.6
- iPadOS 17.7.9 – older iPad Pro and iPad 6th gen models
- tvOS 18.6 – for Apple TV HD and 4K models
- visionOS 2.6 – for Apple Vision Pro
- watchOS 11.6 – for Apple Watch Series 6 and newer
Apple described the flaw’s impact as causing unexpected crashes in Safari when processing malicious web content. It also acknowledged that this is a third-party vulnerability in open-source code, affecting Apple’s software stack.
The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-6558 to its Known Exploited Vulnerabilities (KEV) catalog on July 22. Under federal guidelines, U.S. government agencies are now required to patch the issue by August 12. While the directive is aimed at federal systems, CISA urged all organizations and IT administrators to patch immediately, warning that flaws like this are frequent entry points for cyberattacks.
So far in 2025, Apple has already addressed five other zero-day vulnerabilities that were actively exploited, showing that attackers continue to focus on high-value systems and widely used platforms.





