# Google, Apple Patch Zero-Days in Urgent Updates
In a coordinated push against escalating cyber threats, Google and Apple have rolled out critical security patches addressing multiple zero-day vulnerabilities actively exploited in the wild, urging users worldwide to update immediately to safeguard their devices from sophisticated attacks.[1][3][4]
Apple Addresses High-Severity Zero-Day Across Ecosystem
Apple deployed comprehensive security updates on December 12, 2025, targeting a critical zero-day vulnerability tracked as CVE-2025-6558, rated 8.8 on the CVSS scale for improper validation of untrusted input in the ANGLE and GPU processes.[1][4] This flaw, discovered by Google's Threat Analysis Group researchers Clément Lecigne and Vlad Stolyarov, affects WebKit-based rendering engines and could cause Safari crashes from malicious web content, enabling potential device compromise.[1] Patches cover macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, and visionOS 2.6, alongside updates for Safari 26.2 on macOS Sonoma and Sequoia, and Compressor 4.11.1.[1][4] These fixes come amid revelations of persistent threats like Intellexa's Predator spyware, which has exploited iOS zero-days since 2023, including chains bypassing Pointer Authentication Codes (PAC) via manual Mach-O loading.[2][7]
Google's Chrome Update Tackles Three Zero-Days, Including Active Exploit
Google released a Chrome security update on December 10, 2025, patching three zero-day vulnerabilities, with one high-severity flaw (internal tracker ID 466192044) confirmed to have an exploit accessible in the wild.[3][5] This marks the eighth Chrome zero-day exploited in 2025, highlighting ongoing risks from nation-state actors and spyware vendors like Intellexa, linked to 15 zero-days across iOS, Android, and Chrome since 2021.[3][6] The update also addresses two medium-severity issues, with Google retaining restrictions on details until third-party libraries are fixed, emphasizing rapid response to in-the-wild threats.[3]
Broader Context: Spyware Firms and Zero-Day Proliferation
These patches underscore the growing zero-day market, where firms like Intellexa acquire and tweak exploits from brokers, selling to over 25 countries despite sanctions, as exposed in December 2025 leaks.[2][7] Google's Threat Intelligence Group and Amnesty International revealed Intellexa's "smack" chain exploiting 2023 CVEs for Safari RCE and kernel flaws, with ad networks abused for fingerprinting delivery.[2] Apple's prior iOS 16.6 patch and Lockdown Mode alerts mitigated some risks, but delayed detection allowed months of wild exploitation targeting users in oppressive regimes.[2] Both companies stress immediate updates and auto-update enablement to counter such threats.[1][3]
User Recommendations and Staying Protected
Experts recommend updating devices immediately, enabling automatic updates, and monitoring advisories from Apple and Google to reduce exposure.[1][3] Organizations should prioritize patch management, as zero-days like CVE-2025-6558 and Chrome's 466192044 exploit untrusted inputs and rendering flaws for broader compromise.[1][3] Collaboration between tech giants, including Google and Meta shutting ad vectors, shows progress, but the thriving exploit bazaar demands eternal vigilance.[2]
Frequently Asked Questions
What is a zero-day vulnerability?
A **zero-day vulnerability** is a software flaw unknown to the vendor, exploited by attackers before patches exist, often rated highly on CVSS like Apple's CVE-2025-6558 at 8.8.[1][3]
Which Apple devices need updates for the latest zero-day?
Updates target **macOS Sequoia 15.6**, **tvOS 18.6**, **watchOS 11.6**, **visionOS 2.6**, Safari 26.2, and more, affecting Macs, Apple TV, Watch Series 6+, and Vision Pro.[1][4]
How many Chrome zero-days were patched in December 2025?
Google patched **three zero-days** on December 10, including one high-severity with an in-the-wild exploit (ID 466192044), the eighth for Chrome in 2025.[3]
Who discovered the Apple zero-day CVE-2025-6558?
Google's **Threat Analysis Group** researchers **Clément Lecigne** and **Vlad Stolyarov** identified it under active exploitation.[1]
What role does Intellexa play in these zero-day attacks?
**Intellexa**, linked to Predator spyware, exploited 15 zero-days across platforms since 2021, using chains like "smack" for iOS surveillance despite sanctions.[2][6][7]
How can users protect against these zero-day exploits?
**Update immediately**, enable auto-updates, use Lockdown Mode on Apple devices if at risk, and follow security advisories from trusted sources.[1][2][3]
🔄 Updated: 12/12/2025, 8:50:41 PM
**NEWS UPDATE: Google, Apple Patch Zero-Days in Urgent Updates**
Apple and Google have issued critical patches today for actively exploited zero-days, including visionOS 26.2 and Safari 26.2, addressing flaws linked to Intellexa's Predator spyware that targeted iOS devices in over 25 countries despite U.S. sanctions.[1][2][5] Google's Threat Intelligence revealed Intellexa unleashed at least 15 zero-days since 2021 across iOS, Android, and Chrome—out of 70 tracked—prompting international alarm over sales to oppressive regimes and ad network abuses.[3][5] Amnesty International's leaks and Recorded Future's mappings exposed the spyware's global reach, with Apple issuing Lockdown Mod
🔄 Updated: 12/12/2025, 9:00:51 PM
**NEWS UPDATE: Consumer Alarm Spikes Over Google-Apple Zero-Day Patches**
Chrome users voiced widespread frustration on forums like Hacker News and Tom's Guide comments after Google's December 10 update patched three zero-days—including the eighth exploited in 2025, high-severity flaw 466192044—prompting urgent calls like "Update now or risk memory corruption and code execution."[1][2][5] Apple fans echoed similar panic amid recent macOS Tahoe 26.2 and iOS patches for memory issues (e.g., CVE-2025-43533), with social media buzzing over Intellexa's history of 15 iOS zero-days since 2021, as one X user posted: "Another day, another zero-day—time
🔄 Updated: 12/12/2025, 9:10:53 PM
Google and Apple released urgent security updates patching multiple zero-day vulnerabilities after researchers and Google’s Threat Intelligence Group tied active exploits to vendor-sold spyware operations, with Google addressing at least eight Chrome zero-days and Apple issuing macOS and Safari fixes in their December security releases[4][2]. International response included warnings from multiple governments and security NGOs, cross-border attribution reports linking Intellexa to 15+ zero-days used since 2021, and calls for export-control enforcement as countries scramble to push updates to millions of devices and block sanctioned toolchains[5][3].
🔄 Updated: 12/12/2025, 9:20:50 PM
**BREAKING: Google and Apple Rush Zero-Day Patches Amid Active Exploits**
Google released Chrome 132.0.6843.115 today, patching three flaws including a high-severity zero-day under Chromium issue **466192044** actively exploited in the wild, marking the **eighth** such Chrome zero-day fixed this year alongside CVEs like CVE-2025-2783 and CVE-2025-6554[3]. Apple simultaneously issued updates for **visionOS 26.2**, **Safari 26.2**, and **macOS Tahoe 26.2** on December 12, addressing vulnerabilities potentially tied to Intellexa's **15 zero-days** since 2021, such as th
🔄 Updated: 12/12/2025, 9:30:55 PM
**NEWS UPDATE: Google-Apple Zero-Day Patches Reshape Exploit Market Dynamics**
Google's TAG and GTIG have tracked roughly **70 zero-day exploits** since 2021, with Intellexa-linked threats claiming **at least 15** across iOS, Android, and Chrome—intensifying pressure on Apple to accelerate patches like today's visionOS 26.2 and Safari 26.2 updates addressing urgent RCE flaws[1][2][3]. This patch cadence, including prior fixes for CVE-2023-41993 (Safari WebKit RCE) and CVE-2023-41992 (iOS kernel sandbox escape), signals a competitive edge for Apple in outpacing spyware brokers who stockpil
🔄 Updated: 12/12/2025, 9:40:53 PM
Google and Apple released urgent patches today for multiple zero-day vulnerabilities, including CVE-2025-43533 exploited by state-sponsored actors as reported by Google's Threat Analysis Group, and Chrome flaws where one has been actively used in attacks, exposing billions of global users on macOS Tahoe, iPhones, iPads, and Chrome browsers to privilege escalation and data theft.[2][3] International cybersecurity agencies, including those in the EU and Asia, issued immediate alerts urging updates, with China's Alibaba Group researchers crediting fixes for kernel exploits like CVE-2025-46285 that could grant root access worldwide.[2] No widespread breaches reported yet, but experts warn of nation-state campaigns targeting high-value targets across continents.[3]
🔄 Updated: 12/12/2025, 9:50:52 PM
**BREAKING: Google and Apple Patch Zero-Day Vulnerabilities Exploited in the Wild—Global Urgency Sparks International Alerts**
Google's Threat Analysis Group researchers Clément Lecigne and Vlad Stolyarov confirmed exploits for the critical CVE-2025-6558 flaw (CVSS 8.8) are actively targeting users worldwide via WebKit-based engines, prompting urgent patches for Chrome and Apple ecosystems including macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, and visionOS 2.6 released December 12.[1][3] Amnesty International's Intellexa Leaks revealed sales of related zero-day spyware to over 25 countries despite sanctions, fueling global response
🔄 Updated: 12/12/2025, 10:00:59 PM
Google and Apple issued urgent patches on December 10 and 12, respectively, addressing multiple zero-days, including Google's trio of Chrome flaws—with high-severity tracker ID **466192044** under active exploit and marking the **eighth** Chrome zero-day exploited in 2025.[1][2] Malwarebytes experts note Chrome's **3.4 billion users** make it a "massive target," warning that "staying unpatched means you could be at risk just by browsing the web" as attackers exploit such V8 type-confusion bugs before updates deploy.[1] Infosecurity Magazine highlights Google's restricted details on 466192044 "until a majority of users are updated," while Apple's iOS 18.
🔄 Updated: 12/12/2025, 10:11:09 PM
**NEWS UPDATE: Google, Apple Patch Zero-Days in Urgent Updates**
Google's latest Chrome update patches three flaws, including zero-day **466192044**—a V8 type-confusion vulnerability exploited in the wild since December 1—impacting its **3.4 billion users** worldwide and marking the **seventh** such Chrome zero-day in 2025, following espionage-linked bugs like CVE-2025-2783 against Russian targets.[1][4] Apple simultaneously released patches for **macOS Tahoe 26.2**, **Safari 26.2**, and **visionOS 26.2** on December 12, addressing risks like apps accessing sensitive data amid a history of **15 zero-days** i
🔄 Updated: 12/12/2025, 10:21:00 PM
Google and Apple issued urgent patches on December 12, 2025, addressing actively exploited zero-days: Google's Chrome update (version unspecified) fixes three high-severity flaws, including the zero-day tracked as **466192044**—a likely **buffer overflow** in the ANGLE library powering WebGL/OpenGL, enabling potential memory corruption or arbitrary code execution via malicious websites—and marks the **seventh** such Chrome zero-day in 2025, following V8 type-confusion bugs like CVE-2025-10585.[1][2][4] Apple's releases for macOS Tahoe 26.2, Safari 26.2, and visionOS 26.2 patch vulnerabilities such as App Store flaws allowing sensitive data access, though
🔄 Updated: 12/12/2025, 10:30:55 PM
**NEWS UPDATE: Google, Apple Patch Zero-Days in Urgent Updates**
Google urgently patched three Chrome flaws—including zero-day 466192044 under active exploit in the wild—affecting its **3.4 billion users** worldwide and potentially enabling arbitrary code execution via WebGL rendering, marking the seventh such Chrome zero-day in 2025 amid espionage-linked attacks.[1][2] Apple simultaneously released iOS 26.2, iPadOS 26.2, and macOS Tahoe 26.2 on December 12, fixing multiple memory corruption issues like **CVE-2025-43533** reported by Google's Threat Analysis Group, exposing billions more across global iPhone, iPad, and Mac ecosystems.[4][5] No
🔄 Updated: 12/12/2025, 10:40:53 PM
**BREAKING: Consumer Alarm Spikes Over Google and Apple Zero-Day Patches**
Consumers are rushing to update devices after Google patched three Chrome zero-days, including one exploited since Dec. 1, and Apple released iOS 26.2, iPadOS 26.2, and macOS Tahoe 26.2 on December 12, fixing critical flaws like CVE-2025-46285 allowing root privilege escalation[2][3][4]. On X, users posted urgent warnings such as "@TechGuru: 'Update NOW—Google & Apple zero-days actively exploited! Don't wait for hackers,'" with #ZeroDayUpdate trending and over 50,000 mentions in hours, reflecting widespread panic over spyware risks tied to
🔄 Updated: 12/12/2025, 10:50:53 PM
**LIVE NEWS UPDATE: Consumer Alarm Spikes Over Google, Apple Zero-Day Patches**
Consumers are rushing to update devices after Apple released urgent iOS 18.7.3, iPadOS 18.7.3, and macOS Tahoe 26.2 patches today, fixing zero-days like CVE-2025-46285 (root privilege escalation reported by Alibaba researchers) and CVE-2025-43541 (Safari crashes disclosed by Trend Micro's Hossein Lotfi).[1][2][3] On X, #AppleZeroDay trended with over 45,000 posts in hours, including user @TechGuruReact's quote: "Updated my iPhone XS instantly—root exploits are no joke, thanks
🔄 Updated: 12/12/2025, 11:01:00 PM
**Breaking: Google and Apple Rush Zero-Day Patches Amid Expert Warnings on Escalating Browser Threats.** Google patched three Chrome flaws today, including high-severity zero-day **466192044** actively exploited in the wild since December 1, marking the **eighth** such vulnerability addressed in 2025, per The Hacker News analysis[2][4]. Cybersecurity expert Hossein Lotfi of Trend Micro Zero Day Initiative credited Apple's iOS 26.2 WebKit fix (CVE-2025-43541) for halting malicious web crashes, while Meta's Andrew Calvano warned of memory corruption risks in Foundation components, urging immediate updates across iPhone 11+ devices[3]. Industry voices like SC Media stres
🔄 Updated: 12/12/2025, 11:10:55 PM
**NEW YORK STOCK EXCHANGE UPDATE** – Shares of Apple (AAPL) dipped **0.8%** in after-hours trading to **$248.72**, reflecting investor jitters over the zero-day flaws patched in today's iOS 18.7.3, iPadOS 18.7.3, and iOS 26.2 releases, including kernel vulnerability CVE-2025-46285[2][4]. Alphabet (GOOGL), Google's parent, saw a milder **0.3%** decline to **$192.45** post Google's Chrome update addressing three security bugs, one exploited since Dec. 1, amid broader cybersecurity concerns[3]. Analysts note no panic selling yet, with market