Overview
- The releases address more than 20 vulnerabilities, including WebKit flaws tracked as CVE-2025-43529 and CVE-2025-14174 that enabled remote code execution and memory corruption.
- Google’s Threat Analysis Group reported both issues, and Apple credits fixes to improved memory management and improved validation in WebKit.
- Apple also pushed related security updates across platforms, including iOS and iPadOS 18.7.3, macOS Tahoe 26.2, watchOS 26.2, tvOS 26.2, visionOS 26.2, and Safari 26.2.
- Impacted hardware includes iPhone 11 and later plus recent iPad models, such as iPad Pro (2018 or later), iPad Air (3rd gen or later), iPad (8th gen or later), and iPad mini (5th gen or later).
- Additional fixes cover App Store payment token exposure, image-processing memory corruption, Hidden Album authentication bypass, and FaceTime remote-control password removal, and Apple urges users to install the updates immediately.