
Only 18% Have Updated iOS Despite Active Exploits

Apple has released security updates to address two WebKit vulnerabilities (CVE-2025-14174 and CVE-2025-43529) that are being actively exploited as zero-days on iPhones, Macs, and iPads. Both CVEs have been added to the CISA Known Exploited Vulnerabilities (KEV) Catalog, which means there is evidence that attackers are exploiting them in the wild. Although the issues are fixed in iOS 26.2, the majority of users have yet to update. Because these flaws can lead to memory corruption and arbitrary code execution, we strongly advise upgrading as soon as possible.

According to data from the Mondoo platform, 82% of all iOS systems are running a version earlier than iOS 26.2, leaving them vulnerable to CVE-2025-14174 and CVE-2025-43529. The vast majority (68%) run iOS 26.0 or iOS 26.1 and have not yet upgraded to the latest version; the rest are on versions prior to 26. We strongly advise iPhone, Mac, and iPad users to upgrade their devices, and we recommend that organizations push the updates through their centralized endpoint management system without delay.

What is CVE-2025-14174?

This is a high-severity memory corruption vulnerability in the ANGLE graphics layer used by web engines, including Google Chrome on macOS and Apple’s WebKit browser engine. The flaw stems from out-of-bounds memory access triggered by specially crafted HTML content, which allows a remote attacker to corrupt memory and potentially execute arbitrary code simply by luring a user to a malicious webpage. It has been added to the CISA Known Exploited Vulnerabilities catalog.

What is CVE-2025-43529?

This vulnerability is a critical use-after-free bug in Apple’s WebKit browser engine that can lead to arbitrary code execution when processing maliciously crafted web content. It has also been added to the CISA Known Exploited Vulnerabilities catalog. This flaw affects Apple devices across iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari, and was actively exploited in highly targeted attacks before an emergency security update was issued. Apple’s patches for this and related WebKit zero-days have been released to address ongoing threats that do not require additional user interaction beyond visiting a hostile webpage.

Who is affected?

These CVEs affect users of Apple devices (iPhone, iPad, Mac, Apple TV, Vision Pro) running older software. They impact the WebKit browser engine, can lead to memory corruption and remote code execution via malicious websites, and were actively exploited in targeted attacks before Apple patched them in updates such as iOS 26.2, macOS Sequoia 15.7.3, and macOS Sonoma 14.8.3.

How can Mondoo help?

By scanning your entire IT infrastructure, including endpoints, cloud, and on-prem systems, Mondoo alerts you if any of your Apple systems are vulnerable and need updating.
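To show how the version check behind the 82% figure above, and the kind of scan described here, can be carried out, the following is an added Python example; it is not Mondoo's code or query language. It assumes a device inventory of (hostname, platform, version) tuples (the sample below is constructed) and uses only the fixed versions this post names: iOS 26.2, macOS Sequoia 15.7.3 and macOS Sonoma 14.8.3. Release trains the post does not name are reported as "unknown" rather than assumed patched, which is the failure mode to watch for when a fix table is incomplete.

```python
# Added example (not Mondoo's code): classify an inventory of Apple devices
# against the fixed versions named in the post and report the share of
# vulnerable systems, the way the 82% figure above is derived.
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Platforms where the post gives one fix version that supersedes every earlier
# release: anything below it is counted vulnerable, as the post does for iOS.
SINGLE_THRESHOLD: Dict[str, Version] = {"ios": (26, 2)}

# Platforms patched per release train (first version component = train). A train
# with no entry is reported as "unknown", never silently treated as fixed; extend
# this table from Apple's advisory for trains the post does not name.
PER_TRAIN_THRESHOLD: Dict[str, Dict[int, Version]] = {
    "macos": {15: (15, 7, 3), 14: (14, 8, 3)},
}


def parse_version(text: str) -> Version:
    """'15.7.3' -> (15, 7, 3). A trailing build token such as '26.1 (build)' is ignored."""
    core = text.strip().split()[0]
    try:
        return tuple(int(part) for part in core.split("."))
    except ValueError as exc:
        raise ValueError(f"unparseable version string: {text!r}") from exc


def classify(platform: str, version: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for one device."""
    platform = platform.lower()
    ver = parse_version(version)
    # Tuple comparison is lexicographic: (26, 1) < (26, 2) and (15, 7) < (15, 7, 3),
    # while (26, 2, 1) >= (26, 2), so a later patch release of a fixed train is patched.
    if platform in SINGLE_THRESHOLD:
        return "vulnerable" if ver < SINGLE_THRESHOLD[platform] else "patched"
    trains = PER_TRAIN_THRESHOLD.get(platform)
    if trains is None or ver[0] not in trains:
        return "unknown"
    return "vulnerable" if ver < trains[ver[0]] else "patched"


def summarize(inventory: List[Tuple[str, str, str]]) -> Dict[str, Tuple[int, int]]:
    """Count devices per state and return {state: (count, percent_of_total)}."""
    counts = {"vulnerable": 0, "patched": 0, "unknown": 0}
    for _host, platform, version in inventory:
        counts[classify(platform, version)] += 1
    total = len(inventory)
    return {state: (n, round(100 * n / total) if total else 0) for state, n in counts.items()}


def vulnerable_hosts(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Hostnames that still need the update, sorted for stable reporting."""
    return sorted(host for host, platform, version in inventory
                  if classify(platform, version) == "vulnerable")


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("iphone-01", "iOS", "26.2"),    # fixed
    ("iphone-02", "iOS", "26.1"),    # below 26.2
    ("iphone-03", "iOS", "18.7"),    # pre-26 train, still below 26.2
    ("mac-01", "macOS", "15.7.3"),   # Sequoia fixed
    ("mac-02", "macOS", "15.7.2"),   # Sequoia one release behind
    ("mac-03", "macOS", "14.8.3"),   # Sonoma fixed
    ("mac-04", "macOS", "14.8"),     # Sonoma, shorter version string
    ("mac-05", "macOS", "13.7"),     # train not in the table -> unknown
    ("mac-06", "macOS", "26.1"),     # fix version not named in the post -> unknown
]

if __name__ == "__main__":
    for state, (n, pct) in summarize(SAMPLE_INVENTORY).items():
        print(f"{state:10s} {n:3d} ({pct}%)")
    print("needs update:", ", ".join(vulnerable_hosts(SAMPLE_INVENTORY)))
```

On the sample inventory this reports four vulnerable, three patched and two unknown devices; the two unknowns are the reason to treat an incomplete fix table as a finding in itself rather than counting those hosts as safe.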

Mondoo detects a Mac system that needs to be updated


Mondoo eliminates - not just categorizes - vulnerabilities. Global enterprises trust Mondoo to prioritize risks by business impact and exploitability through its patented AI-native security model that collects structured, context-aware data from the entire IT infrastructure. Mondoo’s customers have reduced vulnerabilities and policy violations by 50% and significantly reduced MTTR. With seamless ITSM integrations and transparent security pipelines, Mondoo enables autonomous remediation and continuous compliance. Mondoo bridges the gap between security and engineering - delivering intelligent recommendations and actionable insights to fix vulnerabilities that matter most to the business.


Dominik Richter

Dom is a founder, coder, and hacker and one of the creators of Mondoo. He helped shape the DevOps and security space with projects like InSpec and Dev-Sec.io. Dom worked in security and automation at companies like Google, Chef, and Deutsche Telekom. Beyond his work, he loves to dive deep into hacker and nerd culture, science and the mind, and making colorful pasta from scratch.

Deborah Galea

Deborah is Director of Product Marketing at Mondoo and leads messaging and positioning, product launches, and sales enablement. She has 20+ years of experience in the cybersecurity industry. Prior to Mondoo, Deborah was Director of Product Marketing at Orca Security and held various marketing positions at other cybersecurity companies. She co-founded email security company Red Earth Software, which was acquired by cybersecurity firm OPSWAT in 2014.
