Apple Rushes WebKit Security Updates After Google's Sandbox Escape Flaw Discovery
Google's Threat Analysis Group revealed a high-severity vulnerability in Apple's ANGLE and GPU in Google Chrome on June 23, 2025. The flaw, identified as CVE-2025-6558, allowed remote attackers to potentially escape sandboxes via crafted HTML pages. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) promptly added it to its Known Exploited Vulnerabilities (KEV) catalog.
Apple swiftly addressed the issue by releasing WebKit security updates. The fix covered multiple products, including iOS, macOS, iPadOS, visionOS, watchOS, and tvOS. Notably, Google's Threat Analysis Group discovered the defect in open-source code before any zero-day attacks against Google Chrome users occurred. However, the vulnerability was exploited in the wild, with a nation-state actor or commercial spyware vendor likely behind the attacks.
Apple's prompt response to the CVE-2025-6558 vulnerability demonstrates its commitment to social security. With the fix now available, users are advised to update their Apple devices to ensure protection against potential threats.