When Apple dropped iOS 18.6 this week, it didn't ship a bunch of new features and changes. Indeed, when you update your iPhone, it will look exactly as it did running iOS 18.5. Under the hood, however, the update introduced more than 20 patches for security vulnerabilities across iOS, making it an important security update for all compatible devices.
When Apple released its security notes for the update, it didn't mention whether any of the flaws were zero-days, in other words, whether any of the flaws had been exploited or publicly disclosed before a patch was available. That puts the user at ease, as it suggests bad actors haven't figured out how to take advantage of any of the now-fixed flaws. However, as it turns out, one of these flaws was actively exploited, just not against an Apple product.
The vulnerability in question is tracked as CVE-2025-6558. Per Apple's release notes, this is a flaw that could crash Safari when processing malicious web content. As Apple states, the vulnerability isn't an iOS-specific flaw; rather, it's a vulnerability in open source code, and Apple's software is impacted.
While Apple says this vulnerability was not exploited against Apple software, at least at the time the release notes were published, one piece of software that appears to have been actively exploited using this flaw is Google Chrome. As reported by Bleeping Computer, CVE-2025-6558 can allow bad actors to run their own code inside Chrome's GPU process when a user visits a malicious website. This could enable hackers to break into the operating system of the target's machine. If you're using an Apple product, that could mean iOS, macOS, iPadOS, tvOS, visionOS, or watchOS could be compromised by this attack. (Apple released security updates for all of these OSes, respectively.)
The flaw is serious business: The Cybersecurity and Infrastructure Security Agency (CISA) listed this flaw in its Known Exploited Vulnerabilities Catalog, and now requires federal agencies to update their software by Aug. 12.
Protecting your devices from this zero-day
To make sure you protect your devices from this vulnerability, you'll want to update all affected hardware and software. That means you'll want to update any Apple devices to iOS 18.6, and if you use Chrome or a Chromium-based browser (like Microsoft Edge or Opera), you'll want to update it to the latest version.
You can typically install Apple updates, such as on an iPhone, from Settings > General > Software Update. On Chrome, click the three dots in the top right, then go to Help > About Google Chrome.