Apple strengthens the security of Safari and WebKit with critical updates


Apple recently deployed emergency updates for its iOS, iPadOS, and macOS systems to fix two security flaws in WebKit, the rendering engine of its Safari browser. These vulnerabilities, already exploited by attackers, could compromise user security. The sections below cover the details of these flaws and the importance of the updates.

The 3 key points not to miss

  • Apple has released patches for two 0-day vulnerabilities in WebKit, affecting iOS, iPadOS, macOS, and Safari.
  • The flaws allow arbitrary code execution when a device displays malicious web content, and have been used in targeted attacks.
  • These updates cover a large number of Apple devices, including iPhone, iPad, Mac, Apple TV, Apple Watch, and Vision Pro.

Security Flaws in WebKit

Apple’s security teams recently discovered two critical vulnerabilities in WebKit, the rendering engine used by the Safari browser. These flaws are tracked as CVE-2025-14174 and CVE-2025-43529. The first concerns a memory overflow in Google’s ANGLE library, allowing an attacker to read or modify unauthorized memory areas. The second is a use-after-free in WebKit, in which a memory area is used after being freed, allowing the execution of malicious code.

These flaws were identified in sophisticated attacks, likely orchestrated by state actors or groups specializing in spyware. Researchers from Google’s Threat Analysis Group (TAG) worked in collaboration with Apple’s security teams to identify these issues and develop patches.

Importance of Updates

Apple’s updates cover a wide range of devices, including recent iPhones and iPads, as well as Macs, Apple TV, Apple Watch, and Vision Pro. The affected versions include iOS 26.2, iPadOS 26.2, macOS Tahoe 26.2, among others. iPhone XS and seventh-generation iPad users also benefit from these security patches.

It is crucial for users to apply these updates immediately to protect themselves against potential attacks. Indeed, arbitrary code execution could allow the installation of spyware capable of collecting sensitive data on affected devices.

Consequences for Third-Party Browsers

It is important to note that all third-party browsers on iOS and iPadOS, such as Chrome, Firefox, and Edge, must use WebKit. This means that even if these browsers have their own security mechanisms, they are also vulnerable to these flaws.

Attacks exploiting these vulnerabilities can be triggered simply by visiting a malicious web page or opening a document containing malicious code. Thus, users of third-party browsers must also apply these updates to ensure their online security.

History of Safari and WebKit

Safari is Apple’s flagship web browser, designed to offer fast and smooth browsing on Mac, iPhone, and iPad devices. Since its launch, Safari has established itself against competitors like Chrome, Edge, and Firefox thanks to its close integration with the Apple ecosystem.

WebKit, the rendering engine behind Safari, was developed to optimize the display of web pages. Used by many browsers on iOS and iPadOS, WebKit has benefited from numerous improvements and updates to ensure a secure and high-performance user experience.

