Apple has identified two critical WebKit vulnerabilities (CVE‑2025‑43529 and CVE‑2025‑14174) that allow remote code execution with kernel‑level privileges in Safari. Up to half of all iPhone and iPad devices are affected, putting personal data at risk. Installing the latest iOS/iPadOS update immediately mitigates the flaw and restores device security.
Understanding the Safari WebKit Vulnerabilities
WebKit, the engine behind Safari on iOS, iPadOS, and macOS, processes web content and runs JavaScript. The two disclosed CVEs exploit memory‑corruption bugs in WebKit’s handling of specific HTML and JavaScript constructs. When a malicious webpage is opened in Safari, the bugs can be triggered to execute arbitrary code within the browser process.
How the bugs bypass Safari’s sandbox
Because Safari runs with elevated privileges on iOS, a successful exploit can break out of the browser sandbox. This grants the attacker full device access, enabling the installation of persistent malware, interception of communications, and extraction of sensitive data such as passwords, banking credentials, and personal photos.
Impact Scope and Affected Devices
Apple estimates that up to 50 % of active iPhone and iPad devices could be vulnerable, depending on the adoption rate of the latest iOS releases. Devices running iOS 17.2 or later have received the security patches that mitigate the WebKit bugs. Older hardware that cannot upgrade beyond iOS 15 remains at risk.
Devices that need the update
- iPhone models on iOS 17.1 or earlier
- iPad models on iPadOS 17.1 or earlier
- Any device that cannot install iOS 17.2 / iPadOS 17.2
Immediate Steps to Protect Your Device
Users should verify that their devices are running the latest iOS or iPadOS version. Apple provides a simple path to check for updates via Settings → General → Software Update. If the update cannot be installed, consider disabling Safari or limiting web browsing to trusted sites until a fix is available.
How to check and install the update
1. Open Settings.
2. Tap General.
3. Select Software Update.
4. If an update is available, tap Download and Install.
5. Enable Automatic Updates to ensure future patches are applied promptly.
Apple’s Ongoing Security Measures
Apple has pledged continuous monitoring for related exploits and will release additional updates as needed. The company’s security page notes that active exploitation of these vulnerabilities has already been observed in the wild, underscoring the importance of rapid patch deployment. Apple also recommends enabling two‑factor authentication and using strong, unique passwords for accounts that store financial information.
Bottom Line
The CVE‑2025‑43529 and CVE‑2025‑14174 Safari flaws represent a significant threat to iPhone and iPad users, potentially exposing personal and financial data. Apple’s swift release of patches mitigates the risk, but the onus remains on users to apply the updates without delay. Keeping devices up‑to‑date is the most effective defense against this and future mobile security challenges.
