On Tuesday, Apple released security updates for its entire software portfolio. This includes fixing a vulnerability that Google exploited as zero-day in the Chrome web browser earlier this month.
The vulnerability tracked as CVE-2025-6558 (CVSS score: 8.8) is incorrect verification of browser angles and untrusted input of GPU components, resulting in sandbox escapes via the created HTML page.
There is no details on how the issue was weaponized by threat actors, but Google has admitted that “the abuse of CVE-2025-6558 exists in the wild.” It is believed that Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) have discovered and reported shortcomings.
The iPhone maker also includes a patch for CVE-2025-6558 in the latest round of software updates, saying the vulnerability will affect the WebKit browser engine that drives the Safari browser.
“This is an open source code vulnerability, and Apple software is one of the affected projects,” the company said in its advisory, adding that it could be exploited to cause an unexpected crash in Safari when processing malicious web content.
The bug is addressed in the following versions –
iOS 18.6 and iPads 18.6 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd Generation and later, iPad 7th generation and later, iPad Mini 5th Generation and iPad Pro Pro Pro Pro Pro Pro Pro MacOS Sequoia 15.6 – Macs Running Macos Sequoia TVOS 18.6 – Apple TV HD and Apple TV 4K (all models) Watchos 11.6 – Apple Watch Series 6 and Later Visionos 2.6 -Apple Vision Pro
There is no evidence that vulnerabilities are being used to target Apple device users, but updating to the latest version of your software for optimal protection is always a good practice.
Source link
