CISA Flags Actively Exploited Apple WebKit and Gladinet Flaws as Nation-State Attacks Intensify

Introduction

The global cybersecurity landscape has entered another tense chapter as U.S. authorities confirm active exploitation of critical software flaws tied to highly targeted attacks. This time, the spotlight falls on Apple’s WebKit engine and enterprise file-sharing platforms from Gladinet. The U.S. Cybersecurity and Infrastructure Security Agency has formally escalated the threat by adding these vulnerabilities to its Known Exploited Vulnerabilities catalog, a move that signals real-world abuse rather than theoretical risk. The decision underscores a growing pattern: sophisticated attackers focusing on precision targets, exploiting trusted platforms, and operating quietly beneath the surface.

The Original Report

The U.S. Cybersecurity and Infrastructure Security Agency has added newly identified vulnerabilities affecting Apple products and Gladinet CentreStack and TrioFox to its Known Exploited Vulnerabilities catalog, confirming that these flaws are being actively abused in the wild. The inclusion follows emergency security updates released by both Apple and Google after discovering zero-day exploits used in highly targeted attacks against an unknown but limited set of users. Unlike mass malware campaigns, these attacks appear selective and deliberate, consistent with the tactics of nation-state actors and commercial spyware operators.

Apple addressed two WebKit vulnerabilities, tracked as CVE-2025-14174 and CVE-2025-43529, impacting iPhones, iPads, Macs, and other Apple platforms. According to Apple, at least one of the flaws may have been exploited in extremely sophisticated attacks against specific individuals running versions of iOS prior to iOS 26. The company acknowledged awareness of active exploitation but declined to provide further technical or attribution details.

CVE-2025-43529 is described as a use-after-free vulnerability within Apple’s WebKit engine, which is responsible for rendering web content across Safari and all applications that depend on WebKit. When memory is improperly handled, WebKit may continue referencing memory that has already been freed. An attacker can exploit this behavior through specially crafted web content, potentially leading to memory corruption, application crashes, or arbitrary code execution. Because WebKit is deeply integrated into Apple’s ecosystem, the flaw has wide-reaching implications across iOS, iPadOS, and macOS environments.

Alongside the Apple vulnerabilities, CISA also added CVE-2025-14611, a critical flaw affecting Gladinet CentreStack and TrioFox. This issue stems from hardcoded cryptographic keys embedded directly in the software. Since these AES encryption keys are fixed and not secret, attackers can extract them and decrypt or manipulate protected data. When deployed on publicly accessible systems, this weakness can be exploited by unauthenticated attackers using specially crafted requests to bypass protections and potentially achieve arbitrary local file inclusion, exposing sensitive files on the underlying system.

Under Binding Operational Directive 22-01, federal civilian executive branch agencies are required to remediate all vulnerabilities listed in the KEV catalog by their assigned deadlines. For these newly added flaws, CISA has ordered federal agencies to apply fixes no later than January 5, 2026. Security experts strongly advise private organizations to follow suit by reviewing the catalog and addressing any listed vulnerabilities within their own infrastructures to reduce exposure to active exploitation.

What Undercode Say:

The addition of these vulnerabilities to the KEV catalog reflects more than routine patch management; it highlights a strategic shift in modern cyber operations. Attackers are no longer chasing scale. They are chasing access, leverage, and intelligence. The Apple WebKit flaw is especially telling because it targets a foundational component trusted by billions of devices worldwide. Exploiting WebKit allows attackers to weaponize something as ordinary as web content, turning a simple page view into a potential compromise.

Apple’s phrasing, “extremely sophisticated attack against specific targeted individuals,” is not accidental. This language has become synonymous with surveillance-grade exploits often associated with state-backed espionage or high-end spyware vendors. These actors invest heavily in zero-day research, not for noise, but for silence. The lack of technical disclosure from both Apple and Google further reinforces the sensitivity of the campaigns involved.

The Gladinet vulnerability exposes a different but equally dangerous reality. Hardcoded cryptographic keys are a textbook security failure, yet they continue to appear in enterprise products. In environments where CentreStack and TrioFox are used to manage file access and synchronization, this flaw undermines the entire trust model. Encryption becomes cosmetic when the keys are effectively public, leaving sensitive enterprise data vulnerable to trivial decryption and manipulation.

What ties these cases together is operational impact. WebKit exploits open doors on personal devices belonging to high-value individuals, while Gladinet flaws threaten organizational data stores and internal systems. Both scenarios enable attackers to move laterally, extract intelligence, and maintain persistence without triggering immediate alarms.

CISA’s mandated deadline of January 5, 2026, may appear distant, but the presence of active exploitation means waiting is a strategic mistake. Historically, once vulnerabilities enter the KEV catalog, exploit tooling spreads quickly beyond the original attackers. What begins as a surgical campaign often evolves into broader opportunistic abuse.

This episode also reinforces a harsh truth for security teams. Patch prioritization based solely on severity scores is no longer sufficient. Exploitation status, attacker profile, and asset criticality now matter more than raw CVSS numbers. Organizations that fail to adapt to this reality risk being blindsided by threats that never announce themselves.
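
One way to apply that ordering to scanner output, as an added example that is not part of the original report: findings are ranked by KEV listing and due date first, then asset criticality, with CVSS only as a tie-breaker. The catalog sample follows the KEV JSON feed's field names; the asset names, criticality scale, CVSS values and `CVE-0000-*` identifiers are constructed placeholders.

```python
from datetime import date

# Constructed sample using the KEV JSON feed's field names; the CVE IDs and
# the due date are the ones this article reports.
KEV_SAMPLE = {"vulnerabilities": [
    {"cveID": "CVE-2025-43529", "vendorProject": "Apple",
     "product": "WebKit", "dueDate": "2026-01-05"},
    {"cveID": "CVE-2025-14611", "vendorProject": "Gladinet",
     "product": "CentreStack and TrioFox", "dueDate": "2026-01-05"},
]}

# Constructed scanner findings. Asset names, criticality (1-5) and CVSS values
# are hypothetical; CVE-0000-* are placeholders, not real identifiers.
FINDINGS = [
    {"asset": "intranet-wiki", "cve": "CVE-0000-0001", "criticality": 2, "cvss": 9.8},
    {"asset": "exec-iphone-01", "cve": "CVE-2025-43529", "criticality": 3, "cvss": None},
    {"asset": "build-runner", "cve": "CVE-0000-0002", "criticality": 4, "cvss": 7.5},
    {"asset": "files-gw-01", "cve": "CVE-2025-14611", "criticality": 5, "cvss": None},
]

def kev_due_dates(catalog):
    """Map each KEV-listed CVE ID to its remediation due date."""
    return {v["cveID"]: date.fromisoformat(v["dueDate"])
            for v in catalog["vulnerabilities"]}

def prioritize(findings, catalog, today):
    """Order findings: KEV-listed first (earliest due date), then by asset
    criticality, with CVSS only as the final tie-breaker."""
    due = kev_due_dates(catalog)
    ranked = []
    for f in findings:
        d = due.get(f["cve"])
        days_left = (d - today).days if d else None
        ranked.append({**f, "kev": d is not None, "due": d, "days_left": days_left,
                       "overdue": days_left is not None and days_left < 0})
    ranked.sort(key=lambda r: (not r["kev"], r["due"] or date.max,
                               -r["criticality"], -(r["cvss"] or 0.0)))
    return ranked

if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_SAMPLE, date(2025, 12, 20)):
        status = "not in KEV"
        if r["kev"]:
            status = "OVERDUE" if r["overdue"] else f"KEV, {r['days_left']} days left"
        print(f"{r['asset']:<15} {r['cve']:<15} {status}")
```

In this sample the finding with the highest CVSS score ranks last, because it is neither KEV-listed nor on a critical asset.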

Fact Checker Results

✅ CISA officially added the Apple WebKit and Gladinet vulnerabilities to the Known Exploited Vulnerabilities catalog.
✅ Apple confirmed at least one WebKit flaw was exploited in highly targeted real-world attacks.
❌ There is no public evidence that these attacks involved mass exploitation or random targeting.

Prediction

📊 Targeted zero-day exploitation will continue to dominate high-impact cyber operations, especially against mobile and browser technologies.
📊 Vendors will increasingly limit public disclosure as exploits intersect with intelligence and surveillance activity.
📊 KEV-listed vulnerabilities will become the primary benchmark for patch urgency across both public and private sectors.

References:

Reported By: securityaffairs.com