CVE-2025-14174 Vulnerability: A New Memory Corruption Zero-Day Vulnerability in Apple WebKit Exploited in Targeted Attacks

Apple disclosed two actively exploited WebKit zero-days (CVE-2025-14174, CVE-2025-43529) that enable memory corruption and arbitrary code execution via malicious web content across all Apple platforms and browsers on iOS/iPadOS; Google also patched a related issue in Chrome’s ANGLE renderer, indicating cross-browser weaponization. Apple released out-of-band updates covering iOS/iPadOS, macOS, tvOS, watchOS, visionOS, and Safari, and the report urges immediate patching, MDM compliance checks, and heightened monitoring for anomalous browser or network behavior given the targeted, stealthy nature of the exploitation.