Apple Fixes Two Zero-Day Flaws Exploited in Sophisticated Attacks

Here’s a breakdown of teh information from⁢ the provided text,⁢ focusing on the ⁢key details:

Apple⁣ Security Flaws:

* Impacted Devices:

​* iPhone ‌11 ‌and later
* iPad Pro 12.9-inch (3rd generation and​ later)
⁤​ ⁣ ​*⁤ iPad ⁢Pro 11-inch (1st generation and later)
​* iPad Air (3rd generation and later)
⁣ * iPad (8th generation and later)
‌ * iPad mini (5th generation and later)
* Flaws Fixed In:

* OS 26.2 ⁢and iPadOS 26.2
‍ * iOS 18.7.3 and iPadOS 18.7.3
​ * macOS Tahoe 26.2
‌ ⁤ *‌ tvOS 26.2
⁤ * watchOS 26.2
⁣ * visionOS 26.2
​* Safari 26.2
* Nature of the Flaws: The flaws were exploited in targeted attacks, and Apple hasn’t released technical ⁤details beyond stating they‍ affected ⁣versions of ​iOS before iOS 26.
*​ WebKit Connection: The flaws affect WebKit, wich ‍is also used by Google Chrome on iOS.

Google Chrome Zero-Day Flaw:

* Initial Description: initially labeled‌ as a “High” severity flaw ‍under ​coordination,with a placeholder description.
* Identified as: CVE-2025-14174: Out-of-bounds memory access ‍in ANGLE.
* Coordination ⁣with Apple: ‍ The CVE is the same one⁣ fixed by ‍Apple, suggesting coordinated disclosure.

Overall Context:

* ⁢ Targeted Spyware: The activity is consistent with highly targeted spyware attacks.
* Urgency: Users are strongly advised to install the latest security updates⁤ promptly.
* 2025 Trend: Apple has patched seven zero-day vulnerabilities exploited in the wild in 2025 so⁢ far,starting with‍ CVE-2025-24085 in‍ January.