Apple, Google Rush Emergency 0-Day Security Patches

Summary
– Apple and Google have issued emergency patches for zero-day vulnerabilities that were being actively exploited in sophisticated real-world attacks.
– Apple’s updates fix bugs in WebKit that were used in an “extremely sophisticated attack” targeting specific individuals across iPhones, iPads, and Macs.
– Google’s Chrome update addresses a high-risk zero-day (CVE-2025-14174), an out-of-bounds memory access flaw that was already being exploited.
– The discovery of the Chrome bug is credited to Apple’s security team and Google’s Threat Analysis Group, strongly hinting at spyware-grade exploitation.
– These incidents add to a growing tally, with Apple patching nine and Google tackling eight exploited zero-days so far in 2025, highlighting the value attackers place on browsers and mobile platforms.
In a coordinated response to active cyber threats, Apple and Google have released critical emergency security updates to address zero-day vulnerabilities already being exploited by attackers. The rapid deployment of these patches underscores the ongoing pressure on users and organizations to apply fixes immediately, often before full technical details are disclosed. Both companies have characterized the attacks as sophisticated, targeting specific individuals through their devices and browsers.
Apple’s latest security releases cover iPhones, iPads, and Mac computers, focusing on two flaws within the WebKit browser engine. The company stated these vulnerabilities were part of an extremely sophisticated attack aimed at particular individuals. As is typical for Apple, the public announcement provided minimal technical insight, emphasizing instead that the exploits were real and already in active use. Users are urged to install the updates without delay to protect their devices.
Concurrently, Google issued an update for its Chrome browser’s stable channel, resolving several security issues. Among them is a high-severity zero-day tracked as CVE-2025-14174, an out-of-bounds memory access vulnerability. Google confirmed it was aware of instances where this flaw had been exploited before a patch was ready. The company initially addressed the bug last Wednesday, noting the vulnerability was under coordination with industry partners at the time.
The connection between the two incidents became clearer when Google updated its advisory following Apple’s disclosure. Google credited the discovery of the Chrome vulnerability to Apple’s security engineering team and its own Threat Analysis Group. This unit is renowned for investigating state-sponsored hacking and commercial spyware operations, rather than common malware. This attribution strongly suggests the exploits were part of a targeted surveillance campaign, likely involving advanced spyware, as opposed to widespread criminal hacking.
This recent spate of emergency patches contributes to a rising count of zero-day vulnerabilities handled by both tech leaders in 2025. With these new updates, Apple has now addressed nine in-the-wild exploits this year, while Google has remediated eight zero-days in Chrome alone. The consistent pace highlights how attackers persistently target browsers and mobile operating systems, viewing them as prime vectors for intrusion due to their ubiquity and access to sensitive information. The situation reinforces the critical importance of maintaining vigilant update practices across all personal and enterprise devices.
(Source: The Register)





