A newly identified zero-day vulnerability in Apple’s WebKit, labeled CVE-2025-14174, is currently being exploited in targeted attacks, raising significant security concerns. This vulnerability, along with CVE-2025-43529, affects all Apple devices capable of rendering web content, including Safari and all iOS and iPadOS browsers. The flaws are being exploited through maliciously crafted web pages, allowing attackers to bypass user interaction and potentially execute arbitrary code. Apple has issued emergency patches across its ecosystem, covering devices like iPhones, iPads, Apple Watches, Apple TVs, and more. Organizations are urged to promptly update their systems to mitigate risks, as these vulnerabilities highlight the critical threat posed by web-based attacks. The situation underscores the importance of rapid response and vigilant monitoring to protect against stealthy exploitation and potential device takeovers.
Is the new WebKit zero-day vulnerability putting Apple devices at risk?
