Google and Apple Emergency Security Updates

In December 2025, both Google and Apple released emergency security updates to address actively exploited zero-day vulnerabilities. These flaws were targeted in sophisticated hacking campaigns affecting an unknown number of users. The updates are critical for protecting user privacy and device security.

Apple issued updates for iOS 18.7.3 and iPadOS 18.7.3, targeting iPhone XS and later models, as well as various iPad Pro generations. The patches fix two zero-day vulnerabilities that were exploited in an "extremely sophisticated attack." Users are urged to update immediately to mitigate risks.

• - Affected Devices: iPhone XS and later, iPad Pro 12.9-inch (3rd gen and later), iPad Pro 11-inch (1st gen and later), iPad Air (3rd gen and later), iPad (7th gen and later), iPad mini (5th gen and later).
• - Vulnerabilities: Two zero-days, including one related to WebKit (CVE-2025-14174), allowing potential remote code execution.
• - Recommendation: Check for updates in Settings > General > Software Update.

Google patched its ninth zero-day vulnerability in Chrome for 2025, along with the December 2025 Android Security Bulletin, which addresses 107 vulnerabilities, including two high-severity flaws under active exploitation. This includes fixes for Android devices and Chrome browser.

• - Chrome Update: Version includes fixes for three zero-days, one high-severity with active exploits.
• - Android Bulletin: Patches for critical flaws in the framework and system components.
• - How to Update: For Chrome, go to Help > About Google Chrome. For Android, check Settings > Security > Google Play System Update.

These vulnerabilities were part of targeted attacks, potentially by state-sponsored actors, emphasizing the need for prompt updates. No widespread exploitation has been reported, but the risk remains high for unpatched devices.
Users should:
- Enable automatic updates where possible.
- Avoid clicking suspicious links.
- Monitor for unusual device behavior.