Apple Patches Decade-Old iOS Zero-Day, Possibly Exploited By Commercial Spyware
Apple Patches Three Zero-Days in ‘Extremely Sophisticated’ Spyware Attack
In a rare and alarming disclosure, Apple has rushed out emergency security updates for iOS and macOS to patch three previously unknown zero-day vulnerabilities that were actively being exploited in what the company described as “an extremely sophisticated attack against specific targeted individuals.”
The vulnerabilities—tracked as CVE-2025-20700, CVE-2025-14174, and CVE-2025-43529—were discovered by Apple’s internal security team in coordination with Google’s Threat Analysis Group. Apple says the flaws were part of a coordinated attack chain designed to infiltrate devices with precision and stealth.
What the Bugs Do
According to Apple’s security advisory, the flaws could enable a wide range of malicious activities, including:
- Information exposure
- Denial-of-service (DoS) conditions
- Arbitrary file write
- Privilege escalation
- Network traffic interception
- Sandbox escape
- Remote code execution
The primary vulnerability, CVE-2025-20700, is a memory corruption issue that could be exploited to execute arbitrary code on compromised devices. Apple confirmed that exploitation of this bug was “linked to attacks involving” the other two WebKit-related zero-days patched in December 2025.
Commercial Spyware Suspected
While Apple did not explicitly name any attackers, the technical sophistication and targeted nature of the exploit chain have led security researchers to strongly suspect the involvement of commercial spyware vendors. These companies, often operating in legal gray areas, sell surveillance tools to governments and law enforcement agencies around the world.
Brian Milbier, deputy CISO at Huntress, told The Register that the dyld/WebKit patch “closes a door that has been unlocked for over a decade.” This suggests that the underlying vulnerability may have been known to advanced threat actors for years before being publicly disclosed.
A Decade-Long Door Left Open
The phrase “a door that has been unlocked for over a decade” is particularly chilling. It implies that a critical security flaw in Apple’s core system architecture may have been silently exploitable for years, potentially by multiple actors, before being discovered and patched.
This revelation has sent shockwaves through the cybersecurity community, raising questions about how many other long-standing vulnerabilities might still be lurking in widely used software.
Patch Now
Apple has released updates for all affected devices, including:
- iOS 18.3.2
- iPadOS 18.3.2
- macOS Sequoia 15.3.2
Users are strongly urged to update their devices immediately to protect against potential exploitation.
The Bigger Picture
This incident underscores the growing sophistication of targeted cyberattacks and the arms race between tech companies and commercial surveillance vendors. It also highlights the critical importance of coordinated vulnerability disclosure between industry leaders like Apple and Google.
As the digital world becomes increasingly interconnected, the stakes for securing our devices have never been higher. This week’s revelations serve as a stark reminder that even the most secure systems can harbor hidden weaknesses—and that the hunt for these flaws is a constant, high-stakes game of cat and mouse.