Apple has shipped an emergency security update to address two zero‑day vulnerabilities that are already being exploited in active attacks. The company urges all users to install the updates immediately on iPhone, iPad, Mac, and Apple Watch.
According to Apple’s security release notes, the flaws reside in the WebKit browser engine and the XNU kernel. Both bugs could allow an attacker to execute arbitrary code with kernel privileges, giving them complete control over the device. Evidence suggests the exploits are being used in targeted attacks, though no large‑scale campaign has been confirmed.
“Apple is aware of a report that this issue may have been actively exploited,” the company said in its advisory. This marks the second emergency patch cycle in 2025, underscoring the pressure Apple faces to keep its platforms secure against sophisticated threats.
Affected Devices
The update covers a wide range of hardware:
- iPhone: iPhone XS and later models
- iPad: iPad Pro (all generations), iPad Air (3rd generation and later), iPad mini (5th generation and later), and the standard iPad (7th generation and later)
- Mac: Macs running macOS Ventura 13.7 and later, macOS Sonoma 14.7 and later, and macOS Sequoia 15.2 and later
- Apple Watch: Series 6 and later running watchOS 10 or newer
Users can check for the update by navigating to Settings → General → Software Update on iOS/iPadOS, System Settings → General → Software Update on macOS, and the Watch app on iPhone for watchOS.
Why Zero‑Days Matter
Zero‑day vulnerabilities are especially dangerous because they are discovered and exploited before the vendor has a chance to release a fix. Attackers can chain them together to gain deep access to a device without the user’s knowledge. In this case, the two bugs – a use‑after‑free issue in WebKit and an out‑of‑bounds write in the kernel – could be triggered simply by visiting a malicious website.
Security researchers from Google’s Threat Analysis Group and an independent researcher are credited with discovering the flaws, a sign that the attacks were likely linked to state‑sponsored surveillance operations.
How to Protect Yourself
Installing the update is the only reliable way to close the security gap. Apple’s automatic update mechanism will prompt most users, but those who have delayed updates should act now. In addition to patching, users should enable built‑in protections such as Lockdown Mode, which blocks certain complex attack vectors, and avoid clicking suspicious links even in messages from known contacts.
Enterprise users should deploy the update via MDM and audit devices for signs of compromise. There are no reports yet of widespread exploitation, but given the nature of zero‑days, proactive patching is critical.
This is a developing story. We will update this page as more details emerge from Apple and the security community.