Apple Patches Actively Exploited WebKit Zero-Day in iOS and macOS

Wednesday, February 25, 2026 at 06:00 PM UTC·Source: Apple / Citizen Lab

Updated: Thursday, February 26, 2026 at 10:00 AM UTC

Executive Summary

Apple releases emergency updates for iOS 18.4 and macOS 15.4 to fix WebKit zero-day used in targeted attacks. Sophisticated exploit chain confirmed.

Analysis

Apple has released emergency security updates for CVE-2026-23529, a use-after-free vulnerability in WebKit being actively exploited in "extremely sophisticated" targeted attacks. The vulnerability affects iOS, iPadOS, macOS, visionOS, and Safari. Apple credits Citizen Lab for the discovery, suggesting surveillance-related exploitation. Update to iOS 18.4, macOS 15.4, and Safari 18.4 immediately.

Timeline

Discovered

Feb 20, 2026

Exploitation Detected

Feb 20, 2026

Published

Feb 25, 2026

Patch Available

Feb 25, 2026

Indicators of Compromise (1)

CVE (1)

CVE-2026-23529

NVD MITRE CVE

Source Attribution

Originally published by Apple / Citizen Lab on Feb 25, 2026. Verified by: Apple, Citizen Lab.

Related Threats

CRITICALZero Day

Microsoft Exchange Zero-Day Under Attack, No Patch Available

CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.

CVE-2026-42897

14h agoDark Reading

MEDIUMZero Day

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency can leak keys. One leaked key can open cloud access. One cloud foothold can become a production

22h agoThe Hacker News

CRITICALZero Day

‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit

An old elevation-of-privilege (EoV) vulnerability affecting the Cloud Filter driver “cldflt.sys” in Windows has come back to haunt Microsoft, as researchers claim it is still exploitable six years after it was supposedly patched. The flaw, originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020, was recently picked up by Nightmare Eclipse , a researcher o

CVE-2020-17103CVE-2026-33825

1d agoCSO Online