Overview
- On July 29, Apple released iOS 18.6, iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6 and visionOS 2.6 to address multiple security vulnerabilities.
- The updates plug CVE-2025-6558, a WebKit flaw enabling arbitrary code execution via malicious HTML; Google’s Threat Analysis Group identified it in June before CISA listed it as actively exploited.
- In all, the patches deliver 29 urgent security fixes spanning WebKit, CoreAudio, CoreMedia and other critical system components.
- Chrome users received a hotfix for the same bug in mid-July, illustrating cross-vendor coordination to curb exploits in the wild.
- Cybersecurity experts and federal agencies have stressed immediate installation to prevent data breaches and meet urgent compliance deadlines.