Apple Fixes Security Bug Linked to Chrome Zero-Day Exploits

Apple has issued security updates to fix a serious vulnerability that has been used in zero-day attacks targeting Google Chrome users. 

The flaw, identified as CVE-2025-6558, stems from improper validation of untrusted input in ANGLE (Almost Native Graphics Layer Engine), an open-source graphics layer that handles GPU commands and converts OpenGL ES API calls to Direct3D, Metal, Vulkan, and OpenGL. 

This vulnerability allows remote attackers to run arbitrary code in the browser's GPU process by using specially crafted HTML pages. This could let them break out of the sandbox designed to isolate browser processes from the main operating system. 

Security researchers Vlad Stolyarov and Clément Lecigne from Google's Threat Analysis Group (TAG), a team that works to protect users from state-sponsored cyber threats, found and reported the issue in June. Google patched it on July 15 and confirmed it was already being exploited. 

Although Google has not released further details about the attacks, TAG often uncovers zero-day vulnerabilities used by government-backed attackers in targeted operations, typically aimed at installing spyware on devices belonging to high-risk individuals such as journalists, political opponents, and activists. 

On Tuesday, Apple released WebKit updates to patch the CVE-2025-6558 bug for the following devices and systems: 

  • iOS 18.6 and iPadOS 18.6: iPhone XS and newer, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later 
  • macOS Sequoia 15.6: Macs using macOS Sequoia 
  • iPadOS 17.7.9: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation 
  • tvOS 18.6: Apple TV HD and all Apple TV 4K models 
  • visionOS 2.6: Apple Vision Pro 
  • watchOS 11.6: Apple Watch Series 6 and newer 

Apple explained that viewing malicious web content could cause Safari to crash. The company also noted that the vulnerability affects both open-source and Apple software.

The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-6558 to its list of known exploited vulnerabilities on July 22. Federal agencies are required to patch it by August 12 under Binding Operational Directive 22-01, which is aimed at securing government systems. While the directive only applies to federal bodies, CISA also encouraged all network defenders to prioritize fixing the bug. 

CISA emphasized that vulnerabilities like this are often used in attacks and present major risks to critical systems. 

Since the beginning of the year, Apple has addressed five other zero-day vulnerabilities found in active attacks. These include one in January (CVE-2025-24085), one in February (CVE-2025-24200), another in March (CVE-2025-24201), and two in April (CVE-2025-31200 and CVE-2025-31201). 

 
