Attackers keep leveraging zero-day WebKit flaws as slow patch adoption leaves many devices exposed to “zero-click” remote compromise.
iPhone users have apparently been slow to install the latest iOS security updates after researchers linked new zero-click exploits to mercenary spyware used to target high-profile figures, including politicians, journalists, and activists worldwide.
The immediate concern is a class of so‑called “zero‑click vulnerabilities” that allow attackers to compromise an iPhone without any user interaction, often through malicious content delivered via iMessage or other system components.
According to Citizen Lab at the University of Toronto, multiple exploit chains have been capable of silently taking over even fully patched iPhones before fixes became available, including FORCEDENTRY in 2021, which abused Apple’s image-processing components. In such cases, Apple responded with out-of-band patches and urged users to update immediately, stressing that although these attacks target a small subset of users, the underlying bugs affect every supported device.
In its latest WebKit flaw warnings (CVE-2025-43529 and CVE-2025-14174), Apple has continued a pattern of sending targeted notifications to users in dozens of countries when it detects signs of “mercenary spyware” activity against their accounts, while withholding technical details (such as the names of the malicious actors) to avoid helping attackers. Note: WebKit is the browser engine behind Safari and all third-party browsers on iOS, so avoiding Safari alone offers no protection.
Delayed patching benefits cyber mercenaries
Independent security advisories describe the most recent bugs as critical memory‑corruption and validation flaws that allow arbitrary code execution via crafted images and PDFs, and note that the exploits appear to be in active use against selected individuals rather than the general public.
Researchers and vendors alike emphasize that once a zero‑click chain is discovered, there is often a rush by threat actors to exploit unpatched devices before updates are widely installed, making prompt installation of new iOS versions critical. Users of vulnerable devices should install the latest iOS release as soon as it becomes available, enable automatic updates, and reboot devices regularly to disrupt in‑memory exploits, even though this alone will not block sophisticated spyware.
High-risk users such as journalists, political figures, staff of non-governmental organizations, and lawyers are being urged to consider enabling Lockdown Mode, minimizing use of rich-media messaging, and seeking independent forensic checks if they suspect targeting. While Apple maintains that mercenary spyware attacks remain relatively rare, its own emergency advisories and legal actions signal that such mercenary malware is now a persistent fixture of the mobile threat landscape rather than an anomaly.
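For teams managing a fleet of iPhones, the two recommendations above (prompt patching and regular reboots) can be turned into a routine compliance check. The following script is an added example, not code from the article or from Apple; the minimum iOS version is a placeholder to be replaced with the release Apple’s advisory names as fixed, and the device inventory is constructed sample data.

```python
# Added example: flag iOS devices that are still below the release carrying the
# WebKit fixes, and devices that have not rebooted recently enough to disrupt
# in-memory exploits. Inventory data below is constructed, not real.
from datetime import datetime, timedelta, timezone

# PLACEHOLDER: substitute the iOS release that Apple's advisory for
# CVE-2025-43529 / CVE-2025-14174 lists as the fixed version.
MIN_PATCHED_IOS = "18.99"
MAX_UPTIME_DAYS = 7  # assumed reboot cadence for this example


def parse_version(v):
    """Turn '18.1.1' into (18, 1, 1) so that '18.2' compares above '18.1.1'."""
    return tuple(int(p) for p in v.split("."))


def is_patched(version, minimum=MIN_PATCHED_IOS):
    """True when the device runs the fixed release or anything newer."""
    return parse_version(version) >= parse_version(minimum)


def audit(devices, now, minimum=MIN_PATCHED_IOS, max_uptime_days=MAX_UPTIME_DAYS):
    """Return {device_id: [findings]} for every device that needs attention."""
    findings = {}
    for d in devices:
        issues = []
        if not is_patched(d["ios"], minimum):
            issues.append(f"unpatched: iOS {d['ios']} < {minimum}")
        uptime = now - d["last_boot"]
        if uptime > timedelta(days=max_uptime_days):
            issues.append(f"no reboot in {uptime.days} days")
        if issues:
            findings[d["id"]] = issues
    return findings


NOW = datetime(2025, 12, 20, tzinfo=timezone.utc)
SAMPLE_DEVICES = [  # constructed inventory for demonstration
    {"id": "journalist-a", "ios": "18.1.1", "last_boot": NOW - timedelta(days=30)},
    {"id": "staff-b", "ios": "18.99", "last_boot": NOW - timedelta(days=1)},
    {"id": "ngo-c", "ios": "18.99.1", "last_boot": NOW - timedelta(days=12)},
]

if __name__ == "__main__":
    for dev, issues in audit(SAMPLE_DEVICES, NOW).items():
        print(dev, "->", "; ".join(issues))
```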