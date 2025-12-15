digicult

Zero-day vulnerabilities found: Apple iPhone, iPad users urged to update devices

Apple device owners have been advised to update the mobile operating system software of their devices.
Apple users should update the mobile operating system software of their devices, said the Singapore Cyber Emergency Response Team (SingCert) on Sunday (Dec 14). 

The advisory follows the finding of two zero-day vulnerabilities in Apples' WebKit, which SingCert says have been exploited in attacks. 

"Users and administrators of affected Apple devices are strongly advised to update to the latest software versions immediately," said SingCert in its advisory. 

Apple WebKit is an open-source web rendering engine used to power the Safari web browser on Apple's computing and mobile devices — macOS, iPadOS, and iOS. 

The two WebKit vulnerabilities identified — CVE-2025-43529 and CVE-2025-14174 — affects the following products:

  • iPhone 11 and later
  • iPad Pro 12.9-inch (3rd generation and later)
  • iPad Pro 11-inch (1st generation and later)
  • iPad Air (3rd generation and later)
  • iPad (8th generation and later)
  • iPad mini (5th generation and later)

According to Apple's support website, the first vulnerability allows a hacker to run malicious codes remotely when a user accesses malicious web content. The second could lead to memory corruption when a user loads malicious content. 

Apple's iOS 26.2, released on Dec 12, addresses the two said vulnerabilities and more than 20 other identified flaws in Apple's iOS software. 

