Zero-Day Vulnerabilities in Apple WebKit
14 December 2025
Apple has released security updates to address two zero-day vulnerabilities in WebKit that have been exploited in attacks. Users and administrators of affected Apple devices are strongly advised to update to the latest software versions immediately.
Background
Apple has released security updates to address two WebKit vulnerabilities (CVE-2025-43529 and CVE-2025-14174) affecting its iPhone, iPad, macOS, tvOS, watchOS, visionOS, and Safari products. CVE-2025-43529 has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.
Impact
Successful exploitation of the vulnerabilities could lead to the following:
CVE-2025-43529: A use-after-free issue in WebKit that may allow remote code execution when processing maliciously crafted web content.
CVE-2025-14174: A memory corruption issue in WebKit that may lead to memory corruption via malicious web content.
Known Exploitation
Apple is aware that these vulnerabilities may have been exploited in targeted attacks.
Affected Products
The vulnerabilities affect the following devices and products:
iPhone 11 and later
iPad Pro 12.9-inch (3rd generation and later)
iPad Pro 11-inch (1st generation and later)
iPad Air (3rd generation and later)
iPad (8th generation and later)
iPad mini (5th generation and later)
Mitigation
Users and administrators of affected products are advised to update them to the latest version immediately.
References
https://support.apple.com/en-us/125884
https://nvd.nist.gov/vuln/detail/CVE-2025-14174
https://www.tenable.com/cve/CVE-2025-43529
https://thehackernews.com/2025/12/apple-issues-security-updates-after-two.html
