Just days after Google, Apple rolls out emergency zero-day security update

Apple has joined Google in releasing emergency security updates after critical zero-day vulnerabilities were discovered and actively exploited in the wild on devices and software used by millions of people worldwide. The announcements come just days after both companies responded to previously undisclosed security flaws tied to sophisticated hacking campaigns.

According to reports, Google pushed urgent fixes for several high-severity bugs, including actively exploited vulnerabilities in its Chrome browser and other software components. One of the Chrome bugs had already been used by attackers before a patch was available, prompting an emergency release.

Apple’s emergency update effort spans multiple platforms — including iPhones, iPads, macOS, watchOS, and Safari — closing at least two zero-day flaws that security agencies say have been exploited in real-world attacks. The vulnerabilities, discovered in the WebKit browser engine used by Safari and other Apple products, could allow remote code execution or memory corruption when processing malicious web content.

In Singapore, the Cyber Emergency Response Team (SingCert) advised Apple device owners to update to the latest software version, iOS 26.2, which contains over 20 security fixes, including the zero-day patches. The advisory noted the flaws were already being used in targeted campaigns, underscoring the urgency of the update.

The emergency updates from Apple and Google follow broader cybersecurity trends in 2025, where zero-day vulnerabilities have been exploited across widely used software. For example, Google patched multiple actively exploited Chrome zero-day bugs earlier in the year after attackers leveraged flaws in its V8 JavaScript engine.

Security analysts point to an increase in sophisticated threat activity linked to both commercial spyware vendors and state-sponsored actors. In some cases, these groups have targeted specific high-value individuals rather than broad consumer bases, reflecting a shift in how zero-day exploits are used in the wild.

Both companies have encouraged users and administrators to install the latest patches immediately and to enable additional protections such as two-factor authentication and regular software updates to reduce the risk posed by unpatched vulnerabilities.