Article

Alert: Apple Security Updates – December 2025

Apple has released security updates to address two zero‑day vulnerabilities CVE‑2025‑43529 and CVE‑2025‑14174 that were actively exploited in targeted attacks and could enable an attacker to run malicious code or corrupt memory on affected devices.

Security Risks

The identified vulnerabilities pose significant security risks, including potential code execution, privilege elevation, and unauthorized data access, which could compromise the integrity and confidentiality of user data and system functionality.

For the full list of security updates released by Apple, please refer to Apple security releases.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

1. Upgrade, as soon as possible, to the latest supported version of installed Apple software in order to continue receiving technical support and security patches.

The following software versions are released for upgrade, including but not limited to:

iOS 26.2 and iPadOS 26.2: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.
iOS 18.7.3 and iPadOS 18.7.3: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
Safari 26.2: macOS Sonoma and macOS Sequoia.
macOS Sonoma 14.8.3: for all Macs running macOS Sonoma.
macOS Sequoia 15.7.3: for all Macs running macOS Sequoia.
watchOS 26.2: for all Apple Watch Series 6 and later.
tvOS 26.2: for all Apple TV HD and Apple TV 4K (all models).

2. Enable background updates or automatic updates

3. Before any update task, ensure you have backup for your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

15 December 2025

More updates

15 December 2025

Security Alert: React Server Components – Denial-of-Service and Source Code Exposure

Multiple vulnerabilities have been discovered in React Server Components

12 December 2025

Security Alert: Notepad++ Update Vulnerability Enables Malware Installation

A critical security flaw has been identified in the Notepad++ WinGUp updater.

11 December 2025

Alert: Microsoft Security Updates – December 2025

Microsoft has released security updates to address vulnerabilities in its software products.

11 December 2025

Security Alert: WinRAR Zero-Day Vulnerability

Two critical zero-day vulnerabilities in WinRAR, tracked as CVE-2025-6218 and CVE-2025-8088, have been publicly disclosed.

Apple has released security updates to address two zero‑day vulnerabilities CVE‑2025‑43529 and CVE‑2025‑14174 that were actively exploited in targeted attacks and could enable an attacker to run malicious code or corrupt memory on affected devices.

Security Risks

The identified vulnerabilities pose significant security risks, including potential code execution, privilege elevation, and unauthorized data access, which could compromise the integrity and confidentiality of user data and system functionality.

For the full list of security updates released by Apple, please refer to Apple security releases.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

1. Upgrade, as soon as possible, to the latest supported version of installed Apple software in order to continue receiving technical support and security patches.

The following software versions are released for upgrade, including but not limited to:

iOS 26.2 and iPadOS 26.2: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

iOS 18.7.3 and iPadOS 18.7.3: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

Safari 26.2: macOS Sonoma and macOS Sequoia.

macOS Sonoma 14.8.3: for all Macs running macOS Sonoma.

macOS Sequoia 15.7.3: for all Macs running macOS Sequoia.

watchOS 26.2: for all Apple Watch Series 6 and later.

tvOS 26.2: for all Apple TV HD and Apple TV 4K (all models).

2. Enable background updates or automatic updates

3. Before any update task, ensure you have backup for your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

https://support.apple.com/en-us/HT201222.

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

	info@ncsa.gov.rw
	9009 / 0781813310
	‎+250 791 445 224