
Apple patches Safari bug; Already exploited in Chrome


Apple has announced patches for multiple security vulnerabilities across iPhone, iPad, macOS, Apple Watch, Vision Pro, and Apple TV. These updates also patched a vulnerability tracked as CVE-2025-6558, which has already been exploited in the wild.

CVE-2025-6558 was recently patched by Google and Mozilla to fix security vulnerabilities in Chrome and Firefox, respectively. It was disclosed in July 2025 by Google’s Threat Analysis Group (TAG) with a warning about use in targeted attacks as a zero-day.

The vulnerability lies in insufficient validation of untrusted input in Chrome’s ANGLE and GPU graphics components. An attacker could exploit it with a maliciously crafted HTML page to escape the browser’s sandbox and gain access to the local system. CISA also added the vulnerability to its Known Exploited Vulnerabilities (KEV) database, ordering federal agencies to patch it by August 12.


In Apple’s case, the vulnerability affects WebKit and, if exploited, can cause crashes in Safari when rendering maliciously crafted web pages. The iPhone maker also pointed out that the vulnerabilities lie in open-source code, and Apple software is among the affected projects using said code.

WebKit received the lion’s share of the updates. However, other Apple components, including AppleMobileFileIntegrity, Model I/O, and PackageKit, have also been patched. Overall, WebKit received updates for 13 vulnerabilities, macOS patched 87, and 29 vulnerabilities were patched in iOS and iPadOS.

Older macOS versions, Sonoma and Sequoia, also received updates for 50 and 41 vulnerabilities, respectively. iPadOS 17.7.9 patched 19, watchOS 11.6 patched 21, and tvOS 18.6 and visionOS 2.6 fixed 24 vulnerabilities each.

Despite repeated warnings against the vulnerability’s exploitation in the wild, no reports of attacks using the bug have appeared at the time of writing. Apple also confirmed that there’s no evidence that the bug has been used against Safari users.


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
