On Tuesday, Apple rolled out security updates for its entire software lineup, addressing a vulnerability that Google identified as a zero-day exploit in Chrome earlier this month.
The flaw, labeled CVE-2025-6558 (CVSS score: 8.8), stems from improper validation of untrusted input in the browser’s ANGLE and GPU components. This could potentially allow a sandbox escape through a specially crafted HTML page.
Although specific details on how the vulnerability has been used in attacks are scarce, Google confirmed that “an exploit for CVE-2025-6558 exists in the wild.” The discovery and reporting of this issue are credited to Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group (TAG).
In its latest updates, Apple also addressed CVE-2025-6558, noting that the vulnerability affects the WebKit engine, which powers Safari.
“In an advisory, Apple stated that this vulnerability exists in open-source code, with Apple software being one of the affected projects. It could potentially be exploited to cause an unexpected crash in Safari when handling maliciously crafted web content.”
The issue has been resolved in the following versions:
The vulnerability has been addressed in the following software updates:
- iOS 18.6 and iPadOS 18.6: For iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
- iPadOS 17.7.9: For iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation.
- macOS Sequoia 15.6: For Macs running macOS Sequoia.
- tvOS 18.6: For Apple TV HD and Apple TV 4K (all models).
- watchOS 11.6: For Apple Watch Series 6 and later.
- visionOS 2.6: For Apple Vision Pro.
Although there is no evidence suggesting that the vulnerability has been exploited to target Apple device users, it’s always recommended to update to the latest software versions to ensure optimal protection and security.
Leave A Comment