Apple Patches Safari Vulnerability Flagged as Exploited Against Chrome

Tracked as CVE-2025-6558, the flaw was found in Chrome’s ANGLE and GPU components and was flagged as exploited by Google TAG. The post Apple Patches Safari Vulnerability Flagged as Exploited Against Chrome appeared first on SecurityWeek.

Apple on Tuesday announced patches for dozens of vulnerabilities across its mobile and desktop operating systems, including fixes for a bug exploited in the wild.

Tracked as CVE-2025-6558, the exploited flaw was disclosed in mid-July, when Google patched it in Chrome, crediting its Threat Analysis Group for reporting it and warning that it had been targeted in attacks as a zero-day.

The security defect is described as insufficient validation of untrusted input in Chrome’s ANGLE and GPU graphics components, which can be exploited remotely using crafted HTML pages to escape the browser’s sandbox.

One week after Google rolled out a Chrome 138 update to resolve the bug, the US cybersecurity agency CISA added it to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to resolve it by August 12.

There still do not appear to be any public reports describing attacks involving the exploitation of CVE-2025-6558.

Apple’s fresh round of iOS and macOS security updates includes fixes for CVE-2025-6558, which impacts WebKit and could lead to a Safari crash when visiting a page containing malicious content. There does not seem to be any evidence that the vulnerability has been exploited against Safari users.

“This is a vulnerability in open source code and Apple Software is among the affected projects,” Apple explained. 

In total, the Cupertino-based company rolled out patches for 13 security defects in WebKit, warning that they could be exploited to perform XSS attacks, leak sensitive user information, cause memory corruption, crash Safari, or cause a denial-of-service (DoS) condition.

While WebKit received the largest number of fixes, other Apple platform components got patched against a fair share of flaws too, including AppleMobileFileIntegrity, Model I/O, and PackageKit.

According to Jamf VP Josh Stein, another newly patched Apple vulnerability worth mentioning is CVE-2025-43223. Impacting the CFNetwork component of both macOS and iOS, it allows non-privileged users to modify restricted network settings.

“Apple’s CFNetwork is the framework that handles network communication, including HTTP, HTTPS, and other protocols. Therefore, any vulnerability in the framework poses significant security risks,” Stein told SecurityWeek.

Apple fixed 87 CVEs with the fresh macOS Sequoia 15.6 update, and included patches for 29 security defects in the newly rolled out iOS 18.6 and iPadOS 18.6 updates.

macOS Sonoma 14.7.7 was released with fixes for 50 bugs, macOS Ventura 13.7.7 with patches for 41 issues, iPadOS 17.7.9 addressed 19 flaws, watchOS 11.6 resolved 21, while tvOS 18.6 and visionOS 2.6 fixed 24 each.

Users are advised to update their mobile, desktop, and wearable devices as soon as possible. Additional information on the resolved vulnerabilities can be found on Apple’s security releases page.

Publisher: CYBERNEWSMEDIA