InfoSecBulletin Cybersecurity for mankind
CISA has listed a critical zero-day vulnerability affecting various Apple products in its Known Exploited Vulnerabilities catalog, indicating it is being actively exploited. CVE-2025-43529 is a severe use-after-free vulnerability in WebKit, Apple’s rendering engine, affecting millions of users on iOS, iPadOS, macOS, and other Apple platforms.
A use-after-free vulnerability (CWE-416) in WebKit can cause memory corruption when a user visits a malicious webpage. CISA confirmed that threat actors are exploiting this vulnerability, leading to its addition to the KEV catalog on December 15, 2025.
OpenAI unveils its first custom chip, Named Jalapeño
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
The vulnerability is a serious method for various attacks, such as remote code execution, unauthorized file access, and moving through compromised systems.
Organizations must respond to this threat by January 5, 2026, based on the 21-day remediation period set by CISA’s guidance.
The vulnerability is not yet linked to ransomware campaigns, but confirmed exploitation suggests that advanced threat actors could weaponize it.
CISA advises organizations to address this vulnerability by following the BOD 22-01 guidelines. They should promptly implement vendor-supplied mitigations and security patches as soon as Apple provides them.
