Apple addressed two critical WebKit vulnerabilities (CVE-2025-14174 and CVE-2025-43529) that attackers are actively exploiting as zero-day flaws. Both CVEs have been added to the CISA Known Exploited Vulnerabilities Catalog. These issues can cause memory corruption and permit arbitrary code execution, making immediate updates essential.
Mondoo Platform reports that the vast majority of iOS devices—82% of all systems—are running versions prior to 26.2. Most devices (68%) operate on iOS 26.0 or 26.1 but haven't progressed to the patched version. Organizations should deploy updates through centralized endpoint management immediately.
What is CVE-2025-14174?
This high-severity memory corruption flaw affects the ANGLE graphics layer in web engines, including Google Chrome on macOS and Apple's WebKit. Out-of-bounds memory access triggered by malicious HTML allows remote attackers to corrupt memory and execute arbitrary code simply by directing users to hostile webpages. The vulnerability was added to the CISA Known Exploited Vulnerabilities catalog.
What is CVE-2025-43529?
A critical use-after-free bug in Apple's WebKit browser engine enables arbitrary code execution when processing maliciously crafted web content. The flaw impacts iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari. It was actively exploited in targeted attacks before Apple issued emergency updates including iOS 26.2, macOS Sequoia 15.7.3, and macOS Sonoma 14.8.3.
Who is Affected?
These CVEs target users of Apple devices (iPhone, iPad, Mac, Apple TV, Vision Pro) running older software. The WebKit browser engine vulnerability leads to potential memory corruption and remote code execution through malicious websites.
How Mondoo Helps
Mondoo scans entire IT infrastructures—endpoints, cloud, and on-premises systems—to alert organizations when Apple systems are vulnerable and require updating. The platform detects critical CVEs and identifies systems needing patches.
