Apple has alerted iPhone users to an urgent security update.
The company has rolled out emergency updates to address two security vulnerabilities that have been exploited in recent attacks.
The vulnerabilities affect WebKit, the engine behind Apple’s Safari browser and other browsers on iOS devices.
Apple has characterized the problem as an ‘extremely sophisticated attack’ targeting specific individuals, though it has not provided further details.
In a statement, Apple mentioned: “For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”
The two issues identified are CVE-2025-43529 and CVE-2025-14174, with Apple stating that these security breaches occurred on iOS versions before iOS 26.
CVE-2025-43529 is a ‘use-after-free’ vulnerability, involving a memory flaw that can be exploited by attackers to deceive the browser.
The second vulnerability, CVE-2025-14174, compromises devices through memory corruption.
Apple noted that these vulnerabilities were found by both Apple and Google’s Threat Analysis Group.
Devices affected include the iPhone 11 and newer models, various generations of the iPad Pro, iPad Air from the third generation onward, the eighth generation iPad and newer, and the iPad Mini from the fifth generation and up.
The New York Post suggests several measures to keep your device secure.
These steps include promptly installing updates to ensure protection against attackers who exploit outdated software.
It’s recommended to enable automatic updates to avoid missing critical installations.
Given the increasing sophistication of cyber threats, it’s vital to be cautious with links, even those from known contacts.
An additional security measure is using ‘lockdown mode’, which boosts your iPhone’s defenses and restricts certain functions.
A report by ZDNET includes comments from Ivan Krstić, Apple’s head of security engineering and architecture, about the advantages of lockdown mode.
He stated: “While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are.
“That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”