17/12/2025

Apple Warns of Zero-day Vulnerability Exploited in Attack (CVE-2025-43529)

Apple issued security updates for iOS, iPadOS, macOS, and its Safari web browser to address a vulnerability being exploited in the wild. Tracked as CVE-2025-43529, the use-after-free vulnerability exists in WebKit. An attacker may exploit the vulnerability by processing maliciously crafted web content, leading to arbitrary code execution. The vulnerability was addressed with improved memory management.

Apple is aware of an active exploitation of a vulnerability in a highly sophisticated attack targeting specific, high-profile individuals on iOS versions before iOS 26.

CISA added the CVE-2025-43529 to its Known Exploited Vulnerabilities Catalog, urging users to patch the vulnerability before January 5, 2026.

Apple also addressed a recent Chrome zero-day vulnerability that Google had patched. CVE-2025-41474 is a memory corruption flaw in WebKit. An attacker may exploit the vulnerability by processing maliciously crafted web content, potentially leading to memory corruption. Apple addressed the vulnerability with improved validation.

Apple mentioned in its advisory that CVE-2025-41474 was exploited in attacks against iOS versions before iOS 16.

This is the ninth zero-day vulnerability patched by Apple since the start of the year. The previous ones are listed below:

CVE-2025-24085, CVE-2025-24200, and CVE-2025-24201
CVE-2025-31200 and CVE-2025-31201
CVE-2025-43200
CVE-2025-43300

Affected Products and Versions

iPhone XS and later
iPhone 11 and later
iPad 7th generation and later
iPad 8th generation and later
iPad Air 3rd generation and later
iPad Air 3rd generation and later
iPad mini 5th generation and later
iPad mini 5th generation and later
iPad Pro 11-inch 1st generation and later
iPad Pro 11-inch 1st generation and later
iPad Pro 12.9-inch 3rd generation and later
iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later

Mitigation

Apple released the following versions to patch the vulnerability:

Safari 26.2
macOS Tahoe 26.2
iOS 26.2 and iPadOS 26.2
iOS 18.7.3 and iPadOS 18.7.3

For more information, please visit the Apple security advisories for macOS Tahoe, Safari, iOS, and iPadOS.

Qualys Detection

Qualys customers can scan their devices with QIDs 610752, 610753, 386207, and 386205 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://support.apple.com/en-us/125884
https://support.apple.com/en-us/125885
https://support.apple.com/en-us/125886
https://support.apple.com/en-us/125892

Mitigation

Qualys Detection

You may also like

Cisco Unified Communications Manager Static SSH Credentials Vulnerability (CVE-2025-20309)

Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability (CVE-2025-20188)