
Apple Patches Two Zero-Day Flaws Used in Sophisticated Spyware Attacks

Apple patches critical zero-day flaws in WebKit that were used in sophisticated attacks targeting individuals; security teams urge updates.
Content Team

Apple patched two critical zero-day vulnerabilities on December 12 that were actively exploited in what the company calls "extremely sophisticated attacks" targeting specific individuals. The flaws, CVE-2025-43529 and CVE-2025-14174, affect WebKit and allow attackers to execute malicious code through crafted web content.

Discovered by Apple's security team and Google's Threat Analysis Group, these memory corruption bugs were fixed across iOS, iPadOS, and macOS devices. One vulnerability also impacts Google Chrome's graphics engine, suggesting cross-platform exploitation potential.

Apple has used similar language before when describing commercial spyware attacks, though neither Apple nor Google provided technical details about the exploitation. Security experts say vendors deliberately limit disclosure to prevent attackers from reverse-engineering patches into new exploits.

Source: Dark Reading
