Emergency Zero-Day Patch Updates From Apple & Google

Both Apple and Google have pushed out emergency patches updates following the active exploitation of zero-day flaws in what the companies called “sophisticated” real-world attacks.

Users are once again forced to patch first and ask questions later as the two IT giants have hurried into upgrading out the door in recent days to fix vulnerabilities issues that attackers were already exploiting against an undisclosed number of targets.

Apple released new security patches for a large portion of its ecosystem, including Macs, iPhones, and iPads, addressing two WebKit issues that it claims could have been used in a “extremely sophisticated attack against specific targeted individuals.”

Cupertino, as usual, provided only a warning that the exploits were genuine and it was already in use, without going into much technical detail about it.

On the other hand, Google also released a Chrome Stable channel update that fixed a number of security issues, including at least one zero-day that had been exploited prior to the release of a solution. Google also said that it was aware of an exploit in the wild for the high-risk problem, known as CVE-2025-14174, which was defined as an out-of-bounds memory access vulnerability.

The vulnerabilities, which were found in tandem by Google’s Threat Analysis Group (TAG) and Apple’s security engineering team, mostly impact Google Chrome and the WebKit browser engine, which powers all Apple devices.

Instead of broad exploitation, which is a usual strategy used by mercenary spyware providers, the attacks were observed to be extremely targeted, concentrating on particular high-value individuals.

However, the Chrome problem was discreetly corrected by Google last Wednesday, but the vulnerability was still “under coordination.” The overlap between the two organisations’ research was revealed when Apple released its own results, prompting The Chocolate Factory to amend its patch notes.

Although neither of the technological company has disclosed many technical details, Google attributes the discovery of CVE-2025-14174 to Apple’s security engineering team and Google’s Threat Analysis Group, which is more well-known for tracking state-backed intrusion campaigns and mercenary spyware vendors than for pursuing common malware. Rather than being opportunistic drive-by hacking, that attribution strongly suggests that this was spyware-grade exploitation.

Both technology companies’ zero-day totals are rising as a result of the rush of updates. With these most recent updates, Apple has patched nine vulnerabilities that have been exploited in the wild thus far in 2025, while Google has had to address eight Chrome zero-days this year. This pace indicates that attackers still value browsers and mobile platforms as some of the most lucrative real estate available.

There are a wide range of items from Apple and Google which has received patches and it is advised that Apple users install the most recent software updates:

• For iPhones and iPads, iOS 18.7.3, iOS 26.2, and iPadOS 26.2.
• For MacOS Tahoe 26.2.

There are also updates available for the Safari 26.2, watchOS, tvOS, and visionOS.

Users can also upgrade their devices by selecting System Settings > General > Software Upgrade (for macOS) or Settings > General > Software Update (for iOS).

And for Google users and those using, other browsers:

The required patches for Google Chrome has been applied.

The same engine that powers other Chromium-based browsers like Microsoft Edge and Brave, which have either received or are in the process of receiving updates.

Although devices frequently update on their own, users should make sure the most recent versions are loaded as soon as feasible. Go to the official Apple Support page for additional information and support about Apple’s security updates.