On Saturday, December 27th, Apple released an emergency security update to fix two zero-day vulnerabilities that hackers have actively exploited for “highly targeted attacks.”
“Zero-day vulnerabilities” refer to security flaws in software that have been discovered but not yet fixed by developers. When a vulnerability is exposed, developers have zero days to prepare a response before hackers can exploit it to attack systems that have not been updated.
Network security expert Kurt Knutsson reported on Fox News that Apple described this threat as an “extremely sophisticated attack” targeting specific individuals.
While the victims’ identities have not been officially confirmed, the limited scope of the attacks strongly implies espionage-level operations rather than widespread cybercrime.
The two vulnerabilities patched in this update, CVE-2025-43529 and CVE-2025-14174, both exist in the WebKit engine. Since WebKit is the core architecture for Safari and all browsers on iOS systems, users could trigger an attack simply by visiting a malicious website.
Apple confirmed that CVE-2025-43529 is a “use-after-free” vulnerability that could allow devices to execute arbitrary code when processing malicious web content.
This vulnerability was jointly discovered by Apple and Google’s threat analysis team. Discovering vulnerabilities through such cross-industry cooperation is often seen as a strong signal of state-sponsored or corporate espionage activities.
Apple has rolled out patches for all its operating systems. Affected devices include the majority of active devices on the market, such as iPhone 11 and newer models, various generations of iPad Pro and iPad Air, among others.
Users should immediately update to the following versions to ensure security:
iOS 26.2 and iPadOS 26.2
macOS Tahoe 26.2
Safari 26.2
And the corresponding versions for watchOS, tvOS, and visionOS.
Knutsson recommends that users take the following six actions in the face of such targeted threats:
1. Install updates immediately: Zero-day attacks rely on users running outdated software.
2. Beware of unknown links: Avoid clicking on random links sent through messaging apps or third-party social software like WhatsApp or Telegram.
3. Deploy antivirus tools: Use professional software to identify and intercept phishing emails.
4. Activate “Lockdown Mode”: High-risk groups, such as journalists and activists, should consider enabling Apple’s “Lockdown Mode.”
5. Minimize personal data exposure: Reduce online accessible personal privacy information to lower the risk of being targeted by attackers.
6. Monitor device anomalies: If a device shows unexplained overheating, crashes, or abnormal battery drain, immediately check its system status.
This is the seventh zero-day vulnerability Apple has patched in 2025. Apple urges all users, especially those facing high-risk targeted threats, to promptly complete system updates.