Apple, Google forced to issue emergency 0-day patches - theregister.com

Apple, Google forced to issue emergency 0-day patches - theregister.com
December 15, 2025 at 11:00 AM

Apple and Google rush emergency patches for actively exploited zero-day vulnerabilities

Both companies pushed out-of-band fixes after confirming real-world exploitation in what they describe as sophisticated, targeted attacks. Technical details are scarce, but the urgency is clear: update now.

What happened

  • Apple: Shipped security updates for iPhone, iPad, and Mac to fix two WebKit flaws tied to an “extremely sophisticated” campaign targeting specific individuals.
  • Google: Released a Chrome Stable update addressing multiple issues, including zero-day CVE-2025-14174, an out-of-bounds memory access bug already exploited in the wild.

Coordination and attribution

  • Google initially marked the Chrome fix as “under coordination” and later updated notes after Apple’s disclosure, indicating overlap in investigations.
  • CVE-2025-14174 is credited to Apple’s security engineering team and Google’s Threat Analysis Group (TAG), which frequently tracks mercenary spyware and state-backed operations—hinting at spyware-grade exploitation rather than opportunistic attacks.

Why it matters

  • The pace of zero-days remains high: Apple has now patched nine vulnerabilities exploited in the wild in 2025; Google has addressed eight Chrome zero-days this year.
  • Browsers and mobile platforms continue to be prime targets due to their ubiquity and access to sensitive data.

What to do now

  • iPhone/iPad: Settings > General > Software Update, then install the latest iOS/iPadOS.
  • Mac: System Settings > General > Software Update, then install the latest macOS.
  • Chrome (desktop/mobile): Menu > Help > About Google Chrome to trigger the update, then relaunch. Install the latest Stable build as soon as it’s available.
  • Enable automatic updates and minimize high-risk browsing until patched.

The bottom line
Patch immediately. Both Apple and Google confirm in-the-wild exploitation, and the involvement of TAG and Apple’s security team suggests targeted, high-end attacks potentially linked to spyware.

Source: https://www.theregister.com/2025/12/15/apple_follows_google_by_emergency/

Back…