Apple issued security updates addressing two WebKit vulnerabilities (CVE-2025-14174 and CVE-2025-43529) that it said may have been exploited in “extremely sophisticated” targeted attacks, a reminder that modern mobile compromise often begins with the browser engine.

Because iOS browsers are WebKit-based, these flaws can impact far more than Safari in practical terms; the attack scenario is also painfully simple—malicious web content triggering memory corruption or use-after-free conditions.

The security takeaway is blunt: rapid patching isn’t optional when zero-days are in active use, and high-risk users should also consider additional hardening (device lockdown features, reduced link exposure).