New iOS and iPadOS Flaws Leave Millions of iPhones at Risk

Image: Amanz/Unsplash

No clicks. No warnings. Full device access.

Apple confirmed two critical WebKit vulnerabilities affecting millions of iPhones and iPads. Exploiting CVE-2025-43529 and CVE-2025-14174 allows attackers to gain full device access, including passwords and financial data.

The tech giant has been sending out warnings to Apple users about the security flaw over the past few weeks. However, despite a patch being available, Fox News reported that more than half of iOS users have yet to update, leaving them exposed.

Here’s how the vulnerabilities occurred

According to the iOS and iPadOS security document, the two flaws are WebKit bugs that allow attackers to execute malicious code in Safari and, from there, gain further access to the device.

The exploitation process works as follows:

  • An attacker hides malicious code in a compromised webpage.
  • When the page loads, WebKit mishandles memory.
  • The flaw allows malicious code to run in the browser.
  • A second bug enables deeper access, exposing device data.

The vulnerability, known as a zero-click flaw, requires no user action to execute. With both flaws present, a breach can happen simply by visiting a website.

What Apple has done to address the flaw

Hacker News reported that these were zero-day vulnerabilities being exploited in the wild before Apple discovered and patched them. Apple responded with a fix addressing both in iOS 26.

The fix is only available in iOS 26, making most older iPhones and iPads ineligible. Millions of users who cannot update past iOS or iPadOS 18, or who have simply neglected to do so, are still vulnerable.

Here is what users should do

Apple urges all users to upgrade, especially those with the following devices:

  • iPhone 11 and later.
  • iPad Pro 12.9-inch 3rd generation and later models.
  • iPad Pro 11-inch 1st generation and later models.
  • iPad Air 3rd generation and later models.
  • iPad 8th generation and later models.
  • iPad mini 5th generation and later models.

According to Fox News, the device categories on this list are more vulnerable than others.

Research cited by Fox News indicates attackers are targeting specific individuals. Their identities remain undisclosed. Similar targeted cyberattacks suggest political and public figures are the likely targets.

The majority of iOS users are not safe. Because cyberattacks spread laterally, others may also face compromise. Consequently, Apple has strongly advised all users to update their operating system.

To many Apple users, device updates appear to add only designs and animations; however, the real value lies in the core security fixes. Device updates are critical for security, protecting users from flaws such as these, which are exploited automatically.
