Apple released critical iOS 26.2 and iPadOS 26.2 updates on December 12, 2025, patching two WebKit zero-day vulnerabilities actively exploited in sophisticated spyware attacks. The flaws, discovered by Google's Threat Analysis Group, allow hackers to execute malicious code through compromised websites.
CVE-2025-43529 involves a use-after-free bug, while CVE-2025-14174 is a memory corruption issue. Both were used in targeted campaigns against specific iPhone users. The update also fixes over 30 other security holes, including a kernel flaw that could grant root access.
Affected devices include iPhone 11 and newer models, plus recent iPad Pro, Air, and mini versions. Users should update immediately through Settings > General > Software Update.
Source: Cybersecurity News