HIGHZero Day
Verified
Global

Apple Patches Actively Exploited WebKit Zero-Day in iOS and macOS

·Source: Apple / Citizen Lab

Updated:

Executive Summary

Apple releases emergency updates for iOS 18.4 and macOS 15.4 to fix WebKit zero-day used in targeted attacks. Sophisticated exploit chain confirmed.

Analysis

Apple has released emergency security updates for CVE-2026-23529, a use-after-free vulnerability in WebKit being actively exploited in "extremely sophisticated" targeted attacks. The vulnerability affects iOS, iPadOS, macOS, visionOS, and Safari. Apple credits Citizen Lab for the discovery, suggesting surveillance-related exploitation. Update to iOS 18.4, macOS 15.4, and Safari 18.4 immediately.

Timeline

Discovered
Feb 20, 2026
Exploitation Detected
Feb 20, 2026
Published
Feb 25, 2026
Patch Available
Feb 25, 2026

Indicators of Compromise (1)

CVE (1)
CVE-2026-23529
NVDMITRE CVE
Source Attribution

Originally published by Apple / Citizen Lab on Feb 25, 2026. Verified by: Apple, Citizen Lab.

Related Threats

CRITICALZero Day

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (

The Hacker News
CRITICALZero Day

White House moves to give federal agencies access to Anthropic’s Claude Mythos

The US government is preparing to authorize a version of Anthropic’s Claude Mythos model for use by major US federal agencies, amid concerns that the AI model could rapidly spot cybersecurity vulnerabilities and offer the ability to exploit them. Federal Chief Information Officer Gregory Barbaccia at the White House Office of Management and Budget (OMB) told officials at Cabinet departments on Tue

CSO Online
CRITICALZero DayPOC

Caught, Quarantined, Re-installed: RedSun turns Microsoft Defender on itself

Days after Microsoft patched a high-severity issue affecting its Windows Defender antivirus tool through April’s Patch Tuesday, researchers warn of another vulnerability that could enable SYSTEM privileges through local escalation. In a newly disclosed proof-of-concept (PoC) exploit, dubbed “RedSun,” GitHub user going by the name “Nightmare Eclipse” demonstrated how Microsoft Defender’s handling o

CVE-2026-33825
CSO Online