好的,我现在需要帮用户总结一篇关于苹果修复零日漏洞的文章,控制在100字以内。首先,我得仔细阅读文章内容,找出关键信息。 文章提到苹果发布了紧急更新,修复了两个零日漏洞,分别是CVE-2025-43529和CVE-2025-14174。这两个漏洞被用于针对特定用户的复杂攻击。WebKit是苹果浏览器引擎,这两个漏洞都影响WebKit,可能导致远程代码执行或内存破坏。 受影响的设备包括iPhone 11及后续型号、iPad Pro、iPad Air等。苹果已经发布了多个操作系统的更新来修复这些问题,包括iOS 26.2、iPadOS 26.2等。此外,谷歌也修复了同样的漏洞CVE-2025-14174,说明两家公司进行了协调披露。 文章还提到这是苹果今年修复的第七个零日漏洞,显示苹果在安全方面非常积极。用户被强烈建议安装最新更新以降低风险。 总结的时候要简洁明了,涵盖主要点:苹果修复两个零日漏洞,影响WebKit,用于复杂攻击,谷歌也参与修复,并建议用户更新系统。 </think> Apple修复了两个零日漏洞(CVE-2025-43529和CVE-2025-14174),这些漏洞被用于针对特定用户的复杂攻击。这两个WebKit相关漏洞可能导致远程代码执行或内存破坏。受影响设备包括iPhone 11及后续型号、iPad Pro、iPad Air等。苹果已通过多个操作系统更新修复问题,并与谷歌协调披露同一漏洞。用户应尽快安装最新安全更新以降低风险。 2025-12-12 23:30:37 Author: www.bleepingcomputer.com(查看原文) 阅读量:1 收藏
Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an “extremely sophisticated attack” targeting specific individuals.
The zero-days are tracked as CVE-2025-43529 and CVE-2025-14174 and were both issued in response to the same reported exploitation.
"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26," reads Apple's security bulletin.
CVE-2025-43529 is a WebKit use-after-free remote code execution flaw that can be exploited by processing maliciously crafted web content. Apple says the flaw was discovered by Google’s Threat Analysis Group.
CVE-2025-14174 is a WebKit memory corruption flaw that could lead to memory corruption. Apple says the flaw was discovered by both Apple and Google’s Threat Analysis Group.
Devices impacted by both flaws include:
-
iPhone 11 and later
-
iPad Pro 12.9-inch (3rd generation and later)
-
iPad Pro 11-inch (1st generation and later)
-
iPad Air (3rd generation and later)
-
iPad (8th generation and later)
-
iPad mini (5th generation and later)
Apple has fixed the flaws in OS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2.
On Wednesday, Google fixed a mysterious zero-day flaw in Google Chrome, initially labeling it as “[N/A][466192044] High: Under coordination.”
However, Google has now updated the advisory to identify the bug as “CVE-2025-14174: Out-of-bounds memory access in ANGLE,” which is the same CVE fixed by Apple, indicating coordinated disclosure between the two companies.
Apple has not disclosed technical details about the attacks beyond saying they targeted individuals running versions of iOS before iOS 26.
As both flaws affect WebKit, which Google Chrome uses on iOS, the activity is consistent with highly targeted spyware attacks.
While these flaws were only exploited in targeted attacks, users are strongly advised to install the latest security updates promptly to reduce the risk of ongoing exploitation.
With these fixes, Apple has now patched seven zero-day vulnerabilities that were exploited in the wild in 2025, beginning with CVE-2025-24085 in January, CVE-2025-24200 in February, CVE-2025-24201 in March, and two more in April (CVE-2025-31200 and CVE-2025-31201).
In September, Apple also backported a fix for a zero-day tracked as CVE-2025-43300 to older devices running iOS 15.8.5 / 16.7.12 and iPadOS 15.8.5 / 16.7.12.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
如有侵权请联系:admin#unsafe.sh