Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Zero‑Day Vulnerabilities in Apple WebKit

14 December 2025

Apple has released security updates to address two zero‑day vulnerabilities in WebKit that have been exploited in attacks. Users and administrators of affected Apple devices are strongly advised to update to the latest software versions immediately.

Background

Apple has released security updates to address two WebKit vulnerabilities (CVE‑2025‑43529 and CVE‑2025‑14174) affecting their iPhone and iPad products. CVE-2025-43529 has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

Impact

Successful exploitation of the vulnerabilities could lead to the following:

  • CVE‑2025‑43529: A use‑after‑free issue in WebKit that may allow remote code execution when processing maliciously crafted web content. 

  • CVE‑2025‑14174: A memory corruption issue in WebKit that may lead to memory corruption via malicious web content.

Known Exploitation

Apple is aware that this vulnerability may have been exploited in targeted attacks.

Affected Products

The vulnerabilities affected the following devices and products:

  • iPhone 11 and later

  • iPad Pro 12.9-inch (3rd generation and later)

  • iPad Pro 11-inch (1st generation and later)

  • iPad Air (3rd generation and later)

  • iPad (8th generation and later)

  • iPad mini (5th generation and later)

Mitigation

Users and administrators of affected products are advised to update the affected product versions to the latest version immediately.

References

https://support.apple.com/en-us/125884

https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-day-flaws-exploited-in-sophisticated-attacks/

https://nvd.nist.gov/vuln/detail/CVE-2025-14174

https://www.tenable.com/cve/CVE-2025-43529

https://thehackernews.com/2025/12/apple-issues-security-updates-after-two.html

https://coesecurity.com/apple-patches-two-webkit-zero-days-actively-exploited-in-sophisticated-attacks/

Back to top