"First and foremost is the usual lineup of security patches. With iOS 26.2, Apple has squashed 25 different bugs affecting such apps and services as the App Store, FaceTime, Messages, and Photos. But most important are the two-zero day vulnerabilities that could pose trouble for intended victims. Reported as exploited in the wild, both zero days may have been used in extremely sophisticated attacks against targeted individuals still running versions of iOS before iOS 26, Apple explained."
"These two flaws impact WebKit, the engine used to render web pages in Safari and many other apps. The first flaw, dubbed CVE-2025-43529, could allow an attacker to remotely execute code on a device through a malicious website. Apple described this one as a use-after-free issue, which means that the malicious content could hack into memory that would otherwise be off limits. Labeling it a memory corruption problem, Apple said that this was resolved with improved memory management."
Apple released iOS 26.2 alongside updates for iPad, Mac, Apple Watch, and other products. iOS 26.2 fixes 25 bugs affecting the App Store, FaceTime, Messages, and Photos and patches two WebKit zero-day vulnerabilities that were reported as exploited in the wild. CVE-2025-43529 is a use-after-free memory corruption issue that could permit remote code execution via a malicious website and was fixed with improved memory management. CVE-2025-14174 is another WebKit memory corruption flaw that received a patch. The update also enhances AirDrop, Reminders, and Podcasts, and users are urged to install it.
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]