Install quickly: Apple Fixt Zero-Day attack in Webkit

Apple’s updates for iOS, iPados and MacOS appeared on Wednesday night should urgently be recorded quickly: As has only become known, a web kit bug is also fixed for which there is already an exploit. So far, however, this has only been used To attack Chrome usersas it says in the associated nest message (CVE 2025-6558). The error is evaluated with “Severity: High”. Confusing: Apple warns in his Security documents Uncepted active attacks-apparently because there are no corresponding reports for the Apple browser Safari.

Crasht Safari just?

According to Google, whose own threat analysis Group (day) discovered the error, in Chrome versions before 138.0.7204.157 it was observed how a distant attacker was able to carry out a sandbox outbreak via a manipulated website, which then leads to further problems. The reason is the processing of non -verified inputs in the GPU and Angle modules.

Apple himself only writes that CVE-2025-6558 can lead to an “unexpected crash” in Safari, there is no talk of a sandbox outbreak. So it could be that the severity on Apple platforms is lower-but there has been no confirmation. Apple continues that it is a gap “in the open source code” and Apple’s own software is “among the products concerned”.

Update for older MacOS versions

The web kit bug-together with numerous other mistakes-is remedied in both iOS 18.6 and in Ipados 18.6 and MacOS 15.6. Furthermore, an update for MacOS 13 (Ventura) and 14 (SONOMA): Safari 18.4 as a day appeared for one day as a day Single download. Why Apple had initially delayed the browser for the older systems here is so far unclear. The fix also contains Ipados 17.7.9published the Apple parallel to iOS 18.6 and Co. In contrast, iOS 17 is no longer maintained by the manufacturer.

The process shows that you have to look closely at security updates. So far, Google’s day has not revealed who the attackers were and how widespread the exploit is on Chrome. Anyone who uses the browser (or based on it with a chromium) should also update it- the installation of a current safari or macOS version does not help against the exploit.