**Apple and Google Forced into Emergency Patching after 0-Day Bugs Exploited**

In a sudden turn of events, both Apple and Google have issued emergency patches to address zero-day bugs that were being actively exploited in what the companies describe as "sophisticated" real-world attacks. The tech giants have rushed updates out the door to close vulnerabilities that attackers were already abusing against an unspecified number of targets, leaving users with no choice but to patch first and ask questions later.

Apple has pushed fresh security updates across its ecosystem, including iPhones, iPads, and Macs, fixing a pair of bugs in WebKit that may have been abused in an "extremely sophisticated attack against specific targeted individuals." However, Cupertino was typically tight-lipped about technical details, only warning that the exploits were real and already in circulation.

Google, on the other hand, shipped a Chrome Stable channel update addressing multiple security flaws, including at least one zero-day that had already been exploited before a fix was available. The high-risk bug, tracked as CVE-2025-14174, is an out-of-bounds memory access vulnerability, with Google acknowledging it was aware of an exploit in the wild.

Interestingly, Google quietly fixed the Chrome bug last Wednesday but said the vulnerability was still "under coordination." The Chocolate Factory updated its patch notes after Apple disclosed its own findings, revealing the overlap between the two companies' investigations. Neither company has spilled many technical details, but Google credits the discovery of CVE-2025-14174 to Apple's security engineering team and Google's Threat Analysis Group – a unit better known for tracking mercenary spyware vendors and state-backed intrusion campaigns than for chasing everyday malware.

This attribution strongly hints that this was spyware-grade exploitation rather than opportunistic drive-by hacking. The flurry of fixes adds to a growing zero-day tally for both firms, with Apple now having patched nine vulnerabilities exploited in the wild so far in 2025 and Google tackling eight Chrome zero-days this year – a pace that suggests attackers continue to prize browsers and mobile platforms as some of the most lucrative real estate around.

The rush to patch these vulnerabilities raises several questions. How did attackers discover and exploit these bugs before they were patched? What kind of impact will these exploits have on users who haven't yet updated their software? And what does this say about the cat-and-mouse game between tech companies and hackers?

These are just some of the pressing issues that come to mind as we navigate this rapidly evolving cybersecurity landscape. One thing is certain, however: users must stay vigilant and keep their software up-to-date to avoid falling victim to these high-risk exploits.

**Related Stories**

* Apple patches iOS zero-day exploit used by hackers * Google Chrome update fixes critical security flaws * Zero-day bugs: the silent threat lurking in your digital life