An emergent surge of urgent security advisories has permeated the tech sector in December, with both Google and Apple warning Android and iPhone users of critical vulnerabilities being actively exploited in the wild. Termed “Dangerous December,” this time period marks a significant ramping up of the threat landscape for mobile users, as both companies have issued emergency patches to remediate vulnerabilities capable of enabling attacker control of devices through specially crafted web content or malicious image files.
Google kicked off the month by confirming that Android devices are currently at risk due to two critical vulnerabilities being actively exploited. The company issued a rapid emergency patch for all Chrome users, so fast it was delivered before it even received an official CVE designation. The vulnerability is currently known as CVE-2025-14174 and is considered actively exploited; Google urges users to update now to avoid being compromised.
Apple subsequently released emergency updates for iPhones, iPads, and other Apple devices to address two vulnerabilities, including CVE-2025-14174 and another identified as CVE-5-29. Both vulnerabilities are associated with the WebKit browser engine, which supports Safari and other browsers on iOS devices.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: