Security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser were made available by Apple on Friday. Two security vulnerabilities that have reportedly been exploited in the wild are addressed by the updates, one of which is the same vulnerability that Google fixed in Chrome earlier this week. The flaws "may have been exploiting in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26," according to Apple.
iOS 26.2, iOS 18.7.3, iPadOS 18.3, iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch third generation, and later are the versions and devices that have fixed the issues. Given that they both impact WebKit, the rendering engine utilized by all third-party web browsers, including Chrome, Microsoft Edge, Mozilla Firefox, and others, the vulnerabilities were probably weaponized in highly-targeted mercenary spyware attacks. It's important to note that on December 10, 2025, Google released patches for the same vulnerability (CVE-2025-14174) in its Chrome browser.
Apple has now fixed nine zero-day vulnerabilities, such as CVE-2025-24085, CVSS score:
8.8, and CVE-25-43300, that were exploited in the wild in 2025.