Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
嗯,用户让我用中文总结一下这篇文章,控制在一百个字以内,而且不需要用“文章内容总结”之类的开头。首先,我得仔细阅读文章内容,抓住主要信息。 文章讲的是苹果公司在周五发布了安全更新,针对iOS、iPadOS、macOS等多个系统以及Safari浏览器的两个安全漏洞。这两个漏洞已经被利用了,其中一个和谷歌本周修补的Chrome漏洞相同。漏洞分别是CVE-2025-43529和CVE-2025-14174,都是WebKit的问题,可能导致代码执行或内存破坏。 苹果提到这些漏洞可能被用于针对特定用户的复杂攻击。更新影响了多个设备和系统版本,并且这是苹果今年修补的第九个零日漏洞。用户可能需要这些信息来了解最新的安全动态,特别是如果他们使用苹果设备的话。 总结的时候要注意简洁明了,涵盖苹果发布更新、修复的漏洞数量、漏洞影响以及相关背景。控制在一百字以内,所以要精简语言,去掉不必要的细节。 </think> Apple发布安全更新修复两个被利用的安全漏洞(CVE-2025-43529和CVE-2025-14174),影响WebKit组件,可能导致代码执行或内存破坏。这些漏洞可能被用于针对特定用户的复杂攻击。更新覆盖iOS、iPadOS、macOS等多个系统及Safari浏览器。 2025-12-13 05:32:0 Author: thehackernews.com(查看原文) 阅读量:13 收藏

Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week.

The vulnerabilities are listed below -

  • CVE-2025-43529 (CVSS score: N/A) - A use-after-free vulnerability in WebKit that may lead to arbitrary code execution when processing maliciously crafted web content
  • CVE-2025-14174 (CVSS score: 8.8) - A memory corruption issue in WebKit that may lead to memory corruption when processing maliciously crafted web content

Apple said it's aware that the shortcomings "may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26."

It's worth noting that CVE-2025-14174 is the same vulnerability that Google issued patches for in its Chrome browser on December 10, 2025. It's been described by the tech giant as an out-of-bounds memory access in the company's open-source Almost Native Graphics Layer Engine (ANGLE) library, specifically in its Metal renderer.

Apple Security Engineering and Architecture (SEAR) and Google Threat Analysis Group (TAG) have been credited with discovering and reporting the flaw, while Apple credited TAG with finding CVE-2025-43529.

Cybersecurity

This indicates that the vulnerabilities were likely weaponized in highly-targeted mercenary spyware attacks, given that they both affect WebKit, the rendering engine that's also used in all third-party web browsers on iOS and iPadOS, including Chrome, Microsoft Edge, Mozilla Firefox, and others.

The flaws have been addressed in the following versions and devices -

  • iOS 26.2 and iPadOS 26.2 - iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
  • iOS 18.7.3 and iPadOS 18.7.3 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • macOS Tahoe 26.2 - Macs running macOS Tahoe
  • tvOS 26.2 - Apple TV HD and Apple TV 4K (all models)
  • watchOS 26.2 - Apple Watch Series 6 and later
  • visionOS 26.2 - Apple Vision Pro (all models)
  • Safari 26.2 - Macs running macOS Sonoma and macOS Sequoia

With these updates, Apple has now patched nine zero-day vulnerabilities that were exploited in the wild in 2025, including CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, CVE-2025-43200, and CVE-2025-43300.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


文章来源: https://thehackernews.com/2025/12/apple-issues-security-updates-after-two.html
如有侵权请联系:admin#unsafe.sh