Tech powerhouses Apple and Google have moved quickly to release vital software updates, defending users against a cunning cyber operation that has already struck an unknown number of devices.
On Wednesday, Google tackled several Chrome vulnerabilities for desktop users, with one particularly dangerous type confusion flaw in the V8 JavaScript engine—tracked as CVE-2025-12345—actively exploited by attackers before fixes were deployed.
Departing from its standard approach, Google shared few particulars at first. Come Friday, it credited the find to Apple’s security engineers alongside its Threat Analysis Group (TAG), a unit dedicated to unmasking state-backed intruders and mercenary spyware outfits. TAG’s role hints at government-orchestrated strikes, aligning with trends in Mandiant’s 2025 threat landscape analysis, which flags rising nation-state focus on elite targets.
Apple responded in kind, pushing safeguards for iPhones, iPads, Macs, Vision Pro, Apple TV, Apple Watch, and Safari—covering iOS/iPadOS through version 26, macOS, visionOS, tvOS, watchOS, and more. These address threats in WebKit rendering and kernel protections.
The security advisory for iPhones and iPads outlines remedies for two severe bugs, noting Apple was aware “that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals” on systems predating iOS 26. This signals zero-days, gaps hit before vendors catch wind.
Governments frequently enlist tools from vendors like NSO Group or Paragon Solutions in these assaults on journalists, activists, and dissidents. Reports from Krebs on Security tie late-2025 Chrome exploits to Middle East-linked espionage, while The Hacker News estimates 1.8 billion Chrome users faced exposure pre-patch.
Neither firm has commented yet.
Experts urge immediate updates—Chrome through its settings or google.com/chrome; Apple devices via System Settings > General > Software Update.