Apple is urging users to update their iPhones and Macs immediately to address a recently discovered zero-day vulnerability that has already been exploited in attacks against Chrome.
In a recent development, the Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security bug discovered in iOS 18.6 to its catalog of vulnerabilities known to be exploited. This bug, tracked as CVE-2025-6558, poses a significant threat to both iOS and Google Chrome users.
The vulnerability arises from incorrect validation of untrusted input in Chrome's ANGLE (Almost Native Graphics Layer Engine) and GPU rendering components. An attacker can craft a malicious HTML page that triggers the flaw while the browser renders graphics. The result can be a sandbox escape: code execution outside the browser's isolated environment, which can in turn lead to full system compromise.
Google has patched this vulnerability in Chrome versions 138.0.7204.157/.158 for Windows, macOS, and Linux to block active exploitation. Apple has also released security updates addressing this issue on its platforms.
To protect against potential attacks exploiting CVE-2025-6558, users are advised to:
- Immediately update Chrome to the latest patched version (138.0.7204.157 or later) appropriate for their operating system.
- Apply any related OS-level security updates, especially if using Apple platforms, to ensure coverage against this flaw.
- Exercise caution when browsing untrusted or suspicious websites, as merely visiting a crafted page can trigger the exploit.
- Consider additional security measures like using hardened browser settings, disabling unnecessary GPU hardware acceleration if supported, or employing endpoint security tools that can monitor for suspicious browser behavior.
It's essential to note that prompt software updates remain the most effective defense against such high-impact zero-days.
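One check a defender can script from the recommendations above, added here as an example (not code from the article or from any vendor tool): compare each host's reported Chrome version numerically against the 138.0.7204.157 fix build, because a plain string comparison would wrongly rank 138.0.7204.99 as newer than 138.0.7204.157. The hostnames and inventory lines are constructed.

```python
import re
from typing import Optional

# Minimum Chrome build carrying the CVE-2025-6558 fix (138.0.7204.157/.158 per the article).
CVE_2025_6558_FIXED = (138, 0, 7204, 157)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_chrome_version(text: str) -> Optional[tuple]:
    """Parse 'major.minor.build.patch' into an int tuple, or None if malformed.

    Int tuples compare numerically: 138.0.7204.99 < 138.0.7204.157, whereas a
    string comparison would rank '99' above '157' and miss the vulnerable host."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(g) for g in m.groups())

def is_patched(version: str, fixed: tuple = CVE_2025_6558_FIXED) -> Optional[bool]:
    """True if version is at or above the fix build, False if below, None if unparseable."""
    parsed = parse_chrome_version(version)
    if parsed is None:
        return None  # unknown build: flag for manual review rather than assume safe
    return parsed >= fixed

# Constructed inventory (hypothetical hostnames and reported Chrome versions).
INVENTORY = """\
ws-01 138.0.7204.157
ws-02 138.0.7204.99
ws-03 137.0.7151.120
ws-04 139.0.7258.5
ws-05 unknown
"""

def hosts_needing_update(inventory: str = INVENTORY) -> dict:
    """Map each host to 'patched', 'vulnerable' or 'unparseable'."""
    result = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, ver = line.partition(" ")
        state = is_patched(ver)
        result[host] = "unparseable" if state is None else ("patched" if state else "vulnerable")
    return result

if __name__ == "__main__":
    for host, status in hosts_needing_update().items():
        print(f"{host}: {status}")
```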
In addition, iOS 18.6 includes a security patch for this high-severity flaw, which has been exploited against Chrome. If Chrome is not updated, merely visiting a malicious website could lead to an attack. Federal agencies are required to patch their software by August 12th because of this bug.
On Tuesday Apple released WebKit security updates that address the vulnerability, shipping the fix in iOS 18.6, iPadOS 18.6, macOS Sequoia 15.6, iPadOS 17.7.9, tvOS 18.6, visionOS 2.6, and watchOS 11.6. Users are advised to update their devices as soon as possible.
In other news, more than 250 malicious apps are spreading info-stealing malware on Android and iOS devices. Users are encouraged to download apps only from trusted sources and to regularly check their devices for any signs of malware.
For parents, Apple recently announced five big upgrades to protect kids online. These updates aim to provide parents with more control over their children's screen time, privacy, and safety.
- Given the recently disclosed high-severity vulnerability CVE-2025-6558, both iOS and Google Chrome users should be aware of the risk and take the necessary precautions: update devices and browsers to the latest versions, exercise caution when browsing untrusted websites, and apply additional security measures to protect their systems.
- The threat landscape continues to evolve, with malicious apps spreading info-stealing malware on Android and iOS devices. Users are encouraged to download apps only from trusted sources and to check their devices regularly for signs of malware, while federal agencies are advised to prioritize prompt software updates to mitigate high-impact zero-days like CVE-2025-6558.