• Cyber Syrup
  • Posts
  • Apple and Google Patch Zero-Day Vulnerability Exploited in the Wild

Apple and Google Patch Zero-Day Vulnerability Exploited in the Wild

Apple has released a comprehensive set of security updates across its product ecosystem to address multiple vulnerabilities

July 30, 2025

CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

Apple and Google Patch Zero-Day Vulnerability Exploited in the Wild

Apple has released a comprehensive set of security updates across its product ecosystem to address multiple vulnerabilities, including a high-severity zero-day flaw recently exploited in the wild.

What is CVE-2025-6558?

The critical vulnerability, tracked as CVE-2025-6558, is rated 8.8 on the CVSS scale and involves improper validation of untrusted input in the ANGLE and GPU components of the Chrome web browser. This flaw could allow an attacker to escape the browser sandbox using a specially crafted HTML page—potentially giving them unauthorized access to system-level resources.

Google’s Threat Analysis Group (TAG) researchers, Clément Lecigne and Vlad Stolyarov, discovered the vulnerability and noted that exploits are actively being used in the wild. While specific attack details remain undisclosed, the flaw represents a significant risk to users across platforms that use WebKit-based rendering engines.

Apple’s Response and Affected Devices

Apple confirmed that its WebKit browser engine, used in Safari and other native apps, is also affected. In its advisory, Apple stated:

“This is a vulnerability in open-source code and Apple Software is among the affected projects.”

Apple resolved the issue by releasing patches in the following software updates:

  • iOS 18.6 and iPadOS 18.6: For iPhone XS and newer, and all recent iPad models

  • iPadOS 17.7.9: For earlier iPad models like the 6th-gen iPad and 10.5-inch iPad Pro

  • macOS Sequoia 15.6: For all supported Macs

  • tvOS 18.6: For Apple TV HD and Apple TV 4K

  • watchOS 11.6: For Apple Watch Series 6 and newer

  • visionOS 2.6: For Apple Vision Pro devices

The vulnerability could cause Safari to crash unexpectedly when processing maliciously crafted web content, potentially leading to further compromise if unpatched.

Why This Matters

Even though there's no current evidence suggesting that Apple users have been specifically targeted, the fact that this vulnerability is being actively exploited in Chrome highlights the urgency of staying up to date.

This incident also underscores the shared nature of open-source vulnerabilities, where one security flaw can impact multiple platforms. It’s a reminder of how intertwined modern software ecosystems have become.

Recommendations

  • Update immediately: Users should install the latest updates for their devices to mitigate the risk.

  • Enable auto-updates: Ensure automatic updates are turned on for all Apple devices.

  • Stay informed: Monitor trusted security advisories from vendors and reliable news sources to stay ahead of potential threats.

By keeping software current and understanding the risks, users and organizations can significantly reduce their exposure to zero-day attacks and other emerging threats.