Particle.news

Apple, Google Ship Emergency Patches for WebKit Zero‑Days Used in Targeted Attacks

Coordinated fixes follow evidence of extremely sophisticated attacks against specific individuals.

Overview

  • Apple issued emergency updates across iOS, iPadOS, macOS, tvOS, watchOS, visionOS and Safari to fix two in‑the‑wild WebKit flaws tracked as CVE‑2025‑14174 and CVE‑2025‑43529.
  • Google confirmed the same CVE‑2025‑14174 in Chrome as an out‑of‑bounds memory access in the ANGLE graphics layer, crediting Apple Security Engineering and Architecture and Google Threat Analysis Group for discovery.
  • Apple credited Google TAG with finding CVE‑2025‑43529, a WebKit use‑after‑free that can enable code execution via malicious web content.
  • Patches landed in the OS 26.2 release lines and were backported to iOS/iPadOS 18.7.3, with Apple listing affected hardware including iPhone 11 and later plus recent iPad models.
  • Advisories say the exploits hit users on versions before iOS 26, and authorities and security outlets urged immediate updating, with the U.S. cyber agency requiring Chrome and other Chromium browsers be updated by January 2 for federal users.