Apple Inc. has issued substantial security updates across its software suite, targeting a critical vulnerability that has been exploited as a zero-day threat in Google Chrome. The flaw, labeled as CVE-2025-6558, poses a significant risk as it allows for potential sandbox escapes through specially crafted HTML content, as per reports from Google’s Threat Analysis Group.
According to the advisory from Apple, the vulnerability affects the WebKit browser engine, which is integral to Safari’s functionality. The company emphasized the importance of updating affected systems to mitigate the risk related to this flaw. Google confirmed the existence of an exploit targeting this vulnerability already in the wild, although specific details about its utilization remain undisclosed.
Furthermore, Apple has included patches for iOS 18.6 and iPadOS 18.6, as well as updates for macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, and visionOS 2.6 to address this issue across a variety of devices.
Despite the alarming nature of the patch, no direct evidence suggests that the vulnerability has yet been leveraged against Apple users. Experts recommend that users promptly update their devices to benefit from enhanced security measures. This proactive approach is vital given the growing sophistication of cyber threats.