Apple’s iOS 18.6 update, which was released earlier this week, fixed a critical vulnerability that is being exploited by hackers in the wild.
Bleeping Computer reports that the bug, tracked under the name CVE-2025-6558, allowed for attackers to target Google Chrome users by crafting malicious HTML pages, potentially allowing them to run arbitrary code on the victim’s computer.
The bug has been added to America’s Cybersecurity & Infrastructure Security Agency (CISA)’s vulnerability catalog, which listed it as being actively exploited. That makes it far more dangerous than bugs that have only been found to work in theory, which is why you should update your devices and software as soon as possible.
The bug primarily affects Chrome — Google fixed the vulnerability on July 15 with an update (Chrome version 138.0.7204.157), and you should update your Chrome browser right now if you haven’t done so before. Google didn’t release all the information about the vulnerability, saying that it’s waiting until the majority of users have updated their browsers.
The same bug also affects Apple software, which is why Apple published a fix and bundled it with the iOS 18.6 release. According to the company, the bug can be used by malicious hackers to craft a web page that may unexpectedly crash Safari.
The same bug also affects iPads, so if you have one, make sure to update to iPadOS 18.6.
