CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jan 5, 2026
Description
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
EPSS — Exploit Probability
Higher than 20.8% of all CVEs
Required Action
https://support.apple.com/en-us/125884 ; https://support.apple.com/en-us/125892 ; https://support.apple.com/en-us/125885 ; https://support.apple.com/en-us/125886 ; https://support.apple.com/en-us/125889 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43529
Related Articles (4)
New “Darksword” iOS exploit used in infostealer attack on iPhones
A new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet app.
Mar 18, 2026
‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors
Targeting six iOS vulnerabilities and leading to full device compromise, the exploit chain is meant for surveillance.
Mar 18, 2026
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple countries.
Mar 19, 2026
CISA orders feds to patch DarkSword iOS flaws exploited attacks
CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit.
Mar 23, 2026
Risk Assessment
ELEVATEDDetails
- Severity
- High
- EPSS
- 0.1%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 4
Timeline
Published
Dec 15, 2025
Added to KEV
Dec 15, 2025
Remediation Due
Jan 5, 2026