Apple has issued an urgent advisory for users to update their devices after uncovering severe vulnerabilities, including one that could leak fingerprint data and allow browser spoofing. The patches target critical security flaws across macOS, iOS, and Safari to safeguard user privacy and prevent exploitation.
Apple has urgently advised users to update their devices due to significant security vulnerabilities recently uncovered, which pose serious risks to user privacy and safety. This advisory is not primarily about new features in the latest operating systems but rather addresses the necessity to patch critical security flaws that could be exploited by malicious actors.
A key vulnerability, identified as CVE-2025-43327, was revealed by cybersecurity firm Malwarebytes. This flaw, existing in the call history component of Apple devices, potentially allowed attackers to extract users’ fingerprint data—a serious privacy concern. Additionally, a related vulnerability in Safari has the potential to spoof the browser’s address bar, misleading users into believing they are visiting legitimate sites when, in fact, they could be directed to harmful, malicious websites. Experts at Malwarebytes explained how this “address bar spoofing” can trick users by displaying false URLs such as login.bank.com even when accessing a fraudulent page. These issues have been addressed in Apple’s latest updates, including macOS Tahoe 26, iOS 26, and iPadOS 26.
The National Institute of Standards and Technology (NIST) further details the Safari-related vulnerability as an out-of-bounds access problem corrected through enhanced bounds checking. This fix prevents attackers from exploiting the browser to distort the address bar display. Apple’s security update not only tackles this issue with Safari 26 and macOS Tahoe 26 but also includes improved memory management to prevent unexpected browser crashes caused by malicious web content, covering another vulnerability labeled CVE-2025-43368.
Apple’s official support documentation confirms that macOS Tahoe 26 addresses these vulnerabilities by adding protective logic to prevent address bar spoofing in Safari. This update is compatible with a wide range of Apple devices, including recent Mac Studio, iMac, Mac Pro, Mac mini, and various MacBook models, especially those with Apple Silicon chips.
Experts strongly recommend users update to the latest versions, either moving straight to macOS Tahoe 26, iOS 26, and iPadOS 26 for the newest features and security improvements or at least upgrading to the previous versions—iOS 18.7, iPadOS 18.7, and macOS Sequoia 15.7—where these vulnerabilities have also been patched. These updates are essential to mitigate the risks posed by these security flaws.
In addition to the vulnerabilities uncovered in Apple’s operating systems and Safari browser, there is broader concern about other active threats. For instance, a critical zero-day flaw (CVE-2025-6558) has been exploited primarily in Chrome but also affects Apple devices via the WebKit engine used by Safari. This exploit allows arbitrary code execution through the mishandling of untrusted input in graphic abstraction layers, potentially enabling attackers to escape browser sandboxing. Apple has rolled out security patches addressing this issue as well, underscoring the critical need for updates.
Given the scale and severity of these vulnerabilities, timely software updates are a crucial defence for all Apple device users. This ensures protection not only against fingerprint data breaches and browser spoofing but also from deeper system exploits that could compromise device integrity and user data security.
Source: Noah Wire Services