Emergency Patches for Apple and Google Zero-Day Exploits in Targeted Attacks
Apple and Google released emergency security updates after discovering that zero-day vulnerabilities in their software were being actively exploited in highly targeted attacks. The campaign, attributed to nation-state actors and commercial spyware vendors, focused on high-value individuals rather than the general public. Apple addressed two critical WebKit vulnerabilities, CVE-2025-14174 and CVE-2025-43529, which were exploited in sophisticated attacks against iPhones, iPads, and Macs running iOS versions prior to 26. Google also patched a Chrome vulnerability discovered jointly by Apple’s security team and Google’s Threat Analysis Group, indicating a coordinated response to a broader espionage campaign.
The Apple updates, released as iOS 26.2 and iPadOS 26.2, fixed the WebKit flaws that allowed arbitrary code execution and memory corruption through malicious web content. These vulnerabilities affected iPhone 11 and later models, as well as several iPad variants. In addition to the WebKit issues, Apple resolved over 30 other vulnerabilities across various components, including the Kernel and Screen Time. Both companies withheld detailed technical information, suggesting ongoing investigations into the attacks. The rapid deployment of these patches underscores the severity and sophistication of the threat, with both Apple and Google urging users to update their devices immediately.

How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Apple discloses broad impact and additional fixes in December security release
Alongside the zero-day fixes, Apple said the December 12 updates addressed more than 30 other vulnerabilities affecting components such as the kernel, Screen Time, curl, macOS, tvOS, watchOS, visionOS, and Safari. Affected hardware included iPhone 11 and later and multiple iPad models, prompting guidance for users and organizations to update immediately.
Apple releases emergency updates for two exploited WebKit zero-days
On December 12, 2025, Apple released security updates including iOS 26.2, iPadOS 26.2, and fixes across other platforms to patch CVE-2025-43529 and CVE-2025-14174. Apple said the bugs could be triggered by malicious web content and may have enabled arbitrary code execution or memory corruption on devices running versions prior to iOS 26.
Apple and Google identify WebKit zero-days used in targeted attacks
Apple and Google Threat Analysis Group determined that two WebKit vulnerabilities, CVE-2025-43529 and CVE-2025-14174, were being actively exploited in highly targeted, extremely sophisticated attacks against specific individuals. Reporting linked the activity to spyware-style operations associated with nation-state or commercial surveillance actors, though no attacker was publicly named.
Google patches Chrome zero-day later identified as CVE-2025-14174
Earlier in the week before Apple's disclosure, Google patched a Chrome zero-day in the ANGLE library's Metal renderer. The flaw was later identified as CVE-2025-14174 and was reportedly discovered jointly by Apple SEAR and Google Threat Analysis Group.


