Apple addresses a critical Safari zero-day vulnerability during broad rollout of security updates.

Apple this week rolled out a comprehensive set of security updates across its platforms to address several vulnerabilities, including a high-profile zero-day flaw in its WebKit browser engine. The vulnerability, tracked as CVE-2025-6558, has attracted attention and scrutiny because it was already exploited in the wild, most notably against users of Google Chrome earlier this month.

Understanding CVE-2025-6558

CVE-2025-6558 centers on improper validation of untrusted input in the browser’s ANGLE and GPU components. This flaw allowed attackers, through a maliciously crafted HTML page, to potentially execute a sandbox escape. Such a scenario could permit arbitrary code execution outside the browser’s typical security boundaries.

The vulnerability was initially reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG), with Google confirming that active exploits were observed in the wild. While it is not clear whether Apple device users have been specifically targeted, the company acknowledged the risk of unexpected browser crashes and urged prompt updates.

Devices and Software Versions Receiving Updates

Apple’s security patches were widely distributed, covering both current and several older device models. The fix for the critical vulnerability, along with other fixes, is included in the following releases:

Platform/OS | Supported Devices | Latest Patched Version
iOS & iPadOS | iPhone XS and newer; multiple iPad Pro, Air, mini, and standard models | iOS 18.6 / iPadOS 18.6
iPadOS (legacy) | iPad Pro 12.9-inch 2nd gen, iPad Pro 10.5-inch, iPad 6th generation | iPadOS 17.7.9
macOS Sequoia | All Macs compatible with Sequoia | macOS Sequoia 15.6
tvOS | Apple TV HD, all Apple TV 4K models | tvOS 18.6
watchOS | Apple Watch Series 6 and later | watchOS 11.6
visionOS | Apple Vision Pro | visionOS 2.6

Key Recommendations

While no public evidence currently links active exploits of the vulnerability to Apple users, the company is urging customers to update their devices to the latest releases as soon as possible to mitigate any risks.
