Stay updated with the latest Cybersecurity News on our TecnetBlog.

Apple Fixes a Serious Vulnerability Exploited in Zero-Day Attacks.

Written by Eduardo Morales | Jul 31, 2025 3:00:00 PM

Digital security is something you can never overlook. In recent days, Apple has released an urgent update to fix a critical vulnerability that was already being exploited by attackers online. This threat, cataloged as CVE-2025-6558, directly affected Google Chrome users and could put your data and privacy at risk.

In this article, I’ll explain in simple terms what happened, why you should update your devices as soon as possible, and what steps you can take to protect yourself from these types of attacks.

 

What Exactly Happened with the New Vulnerability?

 

The CVE-2025-6558 vulnerability originated in ANGLE (Almost Native Graphics Layer Engine), an open-source graphics abstraction layer that processes GPU commands and translates them into different graphics APIs such as Direct3D, Metal, Vulkan, and OpenGL.

The issue was caused by improper validation of untrusted input. In simple words: attackers could use maliciously crafted web pages to execute commands within your browser’s graphics process.

This is extremely serious because it allowed them to escape Chrome’s sandbox — the security barrier that isolates browser processes — and get dangerously close to your operating system. Once there, they could potentially install spyware, access your files, or steal your sensitive information.

 

Who Discovered the Vulnerability?

 

The flaw was discovered in June 2025 by Vlad Stolyarov and Clément Lecigne, members of Google’s Threat Analysis Group (TAG), a specialized team dedicated to identifying attacks often backed by state-sponsored actors targeting high-risk individuals such as journalists, political activists, and dissidents.

After identifying the issue, they reported it to the Google Chrome team, which patched it on July 15, 2025. However, the fact that it was already being exploited in real attacks raised major alarms across the cybersecurity community.

 

Why Is This Flaw So Dangerous?

 

What makes this case particularly serious is that it’s a zero-day attack. These threats are called that because attackers exploit the vulnerability before the company can fix it, leaving users completely exposed.

In this case, the flaw allowed attackers to execute arbitrary code in your Chrome browser. This means they could control what happened inside your browser without you noticing, with consequences such as:

 

  1. Stealing your saved passwords and credentials
  2. Installing spyware or malware silently
  3. Accessing your emails, social networks, and even online banking accounts
  4. Monitoring your browsing activity

 

In short: it was the perfect gateway for an attacker to infiltrate your device.

 

Affected Devices

 

Apple acted quickly and released security updates to close this vulnerability on its main systems. If you own any of these devices, you must update immediately:

 

  1. iPhone XS and later (with iOS 18.6)
  2. iPad Pro (13", 12.9" 3rd gen and later, 11" from 1st gen), iPad Air 3rd gen and later, iPad 7th gen and later, and iPad mini 5th gen and later (with iPadOS 18.6)
  3. Mac computers running macOS Sequoia 15.6
  4. iPad Pro 12.9" 2nd gen, iPad Pro 10.5", and iPad 6th gen (with iPadOS 17.7.9)
  5. Apple TV HD and Apple TV 4K (with tvOS 18.6)
  6. Apple Vision Pro (with visionOS 2.6)
  7. Apple Watch Series 6 and later (with watchOS 11.6)

 

If you haven’t updated yet, your device is at risk.

 

The Warning from Authorities

 

On July 22, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its catalog of actively exploited flaws. It also required all federal agencies to patch it by August 12, 2025.

Although the mandate directly applies to government institutions, the recommendation also extends to all individuals and businesses: update as soon as possible.

According to CISA, vulnerabilities like this are a favorite entry point for cybercriminals to launch targeted attacks.

 

Learn more: Google Warns About 97 Zero-Day Vulnerabilities Exploited in 2024

 

Apple Has Already Patched Multiple Zero-Days in 2025

 

This isn’t an isolated case. So far in 2025, Apple has already patched five zero-day vulnerabilities before this one:

 

  1. January: CVE-2025-24085
  2. February: CVE-2025-24200
  3. March: CVE-2025-24201
  4. April: CVE-2025-31200 and CVE-2025-31201

 

This proves that attackers are constantly seeking new ways to exploit weaknesses in widely used systems, which makes continuous prevention and updates essential.

 

How You Can Protect Yourself

 

To keep your information safe, here are the practical steps you should follow:

 

Update All Your Apple Devices

 

  1. On iPhone and iPad, go to Settings > General > Software Update.
  2. On your Mac, open System Preferences > Software Update.
  3. Do the same with your Apple Watch, Apple TV, and Apple Vision Pro.

 

Always Use the Latest Browser Version

 

If you use Google Chrome, make sure it’s updated. Click the three dots (top right), go to Help > About Google Chrome, and check for updates.

 

Enable Automatic Updates

 

This ensures you never miss critical patches. Often, it’s the best way to stay protected at all times.

 

Avoid Suspicious Websites

 

Don’t click on unknown links received via email, text messages, or social media, especially if you don’t trust the sender.

 

Strengthen Your Digital Security

 

  1. Use a password manager to avoid reusing passwords.
  2. Turn on two-factor authentication (2FA) for your most important accounts.
  3. Install a reliable antivirus program, especially if you use your Mac for sensitive tasks.

 

You might also be interested: The Best Antivirus Software in 2025: Protection without Compromise

 

What Happens If You Don’t Update?

 

You might think: “Nothing will happen if I wait a few days.” But with a zero-day attack, even hours can make a difference.

 

If you don’t update, you risk exposing your device to:

 

  1. Digital spying
  2. Identity theft
  3. Ransomware attacks locking your files
  4. Losing access to your social networks or banking accounts


In short: delaying the update is like leaving your door wide open for attackers.

 

Conclusion

 

The CVE-2025-6558 vulnerability is a strong reminder that cybersecurity never stops. New threats emerge daily, and your best defense is in your hands: keeping your devices updated and adopting safe digital habits.

Remember: attackers never rest, but you can protect yourself with a single click on “Update.”
View full post