About Us
Apple warns of WebKit flaws exploited in targeted attacks, urges iPhone and iPad updates
- Apple, IOS
-
Photo AI-generated
By TechWatch PH Staff
Apple is urging users of iPhones and iPads to install available software updates following the discovery of critical security flaws in WebKit, the browser engine that powers Safari and all web content in iOS and iPadOS devices.
The flaws could allow attackers to run malicious code simply by processing crafted web content, potentially giving hackers access to sensitive data or control of affected devices.
The vulnerabilities, tracked under identifiers such as CVE-2025-43529 and CVE-2025-14174, were addressed in Apple’s emergency security updates for iOS and iPadOS. Apple acknowledged that the issues may have been exploited in highly sophisticated attacks against specific targets before patches were issued.
Apple’s security documentation shows that processing specially crafted web content through WebKit could enable attackers to execute code on a device, potentially giving them access to sensitive information such as passwords and financial data.
The company credits members of its own security team and contributors including Google’s Threat Analysis Group in identifying and addressing these flaws. The vulnerabilities are not exclusive to Safari.
Because Apple requires all iOS browsers to use the WebKit engine, the risk affects Safari as well as third-party browsers like Chrome and Firefox on iOS, and any app that renders web content using Apple’s WebKit framework.
To protect users, Apple released security updates on December 12, 2025, as part of the iOS 26.2 and iPadOS 26.2 releases. These updates address more than 20 vulnerabilities including the two exploited WebKit issues. (Apple security details for iOS 26.2 and iPadOS 26.2: https://support.apple.com/en-us/125884)
For users on the iOS 18 release track, Apple also issued iOS 18.7.3 and iPadOS 18.7.3, which include the same WebKit patches for devices that cannot run iOS 26 or for those choosing to remain on iOS 18. (Apple security details for iOS 18.7.3 and iPadOS 18.7.3: https://support.apple.com/en-us/125885.)
Despite the availability of the fixes, adoption has been slow. Data available suggests that only around 20 percent of eligible users have installed the update that includes these patches, leaving a large share of iPhones and iPads potentially exposed to attack.
Affected devices include iPhone 11 and later models, various generations of the iPad Pro, iPad Air starting with the third generation, iPad from the eighth generation onward, and iPad mini from the fifth generation onward if they are not running one of the patched OS versions.
Apple has reiterated that applying the latest updates is essential for maintaining security and reducing the risk of compromise. Users can check for updates by going to Settings > General > Software Update on their device.