Apple has released critical security updates for users who haven't upgraded to macOS Tahoe, bringing macOS Sequoia to version 15.7.3 and macOS Sonoma to version 14.8.3. These updates address a combined 46 security vulnerabilities, including two WebKit zero-day exploits that were actively being used in sophisticated targeted attacks.
Released on December 12, 2025, alongside macOS Tahoe 26.2, these security-focused updates contain no new features but provide essential protection for Mac users who prefer to stay on older, more stable operating system versions. All users still running Sequoia or Sonoma should install these updates immediately.
Urgent Security Alert
Update immediately! Two WebKit vulnerabilities fixed in this update were actively exploited in targeted attacks. Apple confirms these zero-day exploits were used "in an extremely sophisticated attack against specific targeted individuals."
While the attacks appear highly targeted (possibly involving mercenary spyware), all users are at risk until they update.
How to Update macOS Sequoia or Sonoma
- Open System Settings on your Mac
- Click General in the sidebar
- Click Software Update
- Important: Apple displays a large banner promoting macOS Tahoe at the top. Look below this banner to find the security update for your current version
- Click Update Now for Sequoia 15.7.3 or Sonoma 14.8.3
Download Size:
- macOS Sequoia 15.7.3: Approximately 1.8 GB
- macOS Sonoma 14.8.3: Approximately 1.6 GB
Actively Exploited Zero-Day Vulnerabilities
The most concerning aspect of this security update is the presence of two WebKit vulnerabilities that Apple confirms were already being exploited in the wild before these patches were released.
What Are Zero-Day Vulnerabilities?
A zero-day vulnerability is a security flaw that is exploited by attackers before the software vendor becomes aware of it or has a chance to create a patch. The term "zero-day" refers to the fact that developers have had zero days to fix the vulnerability before it was exploited.
The Two WebKit Zero-Days
While Apple has not disclosed the specific CVE identifiers publicly yet, security researchers and Apple's own disclosures reveal:
- WebKit Code Execution Vulnerability: Allows maliciously crafted web content to execute arbitrary code on the victim's Mac
- WebKit Memory Corruption Issue: Could lead to unauthorized access to system resources and sensitive information
According to Apple's security bulletin, these vulnerabilities were exploited "in an extremely sophisticated attack against specific targeted individuals." While Apple doesn't specify who the targets were, security experts believe the attacks may be linked to:
- Government-sponsored espionage operations
- Mercenary spyware campaigns (similar to Pegasus)
- Attacks against high-value targets such as journalists, activists, or political figures
Why All Users Should Update
Even though the known exploitation was highly targeted, the vulnerabilities themselves are now public knowledge. This means:
- Other attackers could reverse-engineer the exploits
- The vulnerabilities could be used in broader attack campaigns
- Simply visiting a malicious website could potentially compromise your Mac
- No user interaction beyond loading a web page may be required for exploitation
macOS Sequoia 15.7.3 Security Fixes
The Sequoia update addresses 25 security vulnerabilities across multiple system components:
Major Vulnerabilities Fixed
| Component | Issue Type | Impact | Severity |
|---|---|---|---|
| WebKit (2 issues) | Code execution, memory corruption | Arbitrary code execution via malicious web content | Critical (Actively Exploited) |
| Kernel (CVE-2025-43512) | Privilege escalation | Apps may gain kernel privileges | High |
| Gatekeeper (CVE-2025-43348) | Bypass vulnerability | Malicious apps could bypass security checks | High |
| Finder & System Settings | Security bypass | Circumvention of Gatekeeper protections | Medium |
| Safari | Privacy leak | Cross-site tracking potential | Medium |
Additional Sequoia 15.7.3 Security Improvements
- Bluetooth: Fixed potential for unauthorized device pairing
- CoreAudio: Addressed memory corruption issues
- IOKit: Resolved kernel memory disclosure vulnerability
- Metal: Fixed out-of-bounds read issue
- Model I/O: Patched arbitrary code execution vulnerability
- PackageKit: Addressed app privilege escalation
- Sandbox: Improved isolation protections
- WebKit: Multiple additional memory safety improvements beyond the zero-days
macOS Sonoma 14.8.3 Security Fixes
The Sonoma update addresses 21 security vulnerabilities, focusing on the most critical issues that also affect the older operating system:
- Both WebKit zero-day vulnerabilities (same as Sequoia and Tahoe)
- Kernel privilege escalation issues
- Safari privacy vulnerabilities
- Gatekeeper bypass in Finder and System Settings
- CoreAudio memory corruption
- Various system service security improvements
While Sonoma receives fewer total security fixes than Sequoia, all critical vulnerabilities—especially the actively exploited WebKit zero-days—are addressed.
Safari 26.2 Also Available
Alongside the macOS updates, Apple has released Safari 26.2, which can be installed separately on older macOS versions. This Safari update includes:
- The same WebKit zero-day fixes
- Additional browser security enhancements
- Performance improvements
- Privacy protection updates
If you're running an even older version of macOS (like Monterey or Big Sur), install Safari 26.2 to protect against the WebKit vulnerabilities, even though full system-level protections require updating to at least Sonoma.
Should You Stay on Sequoia or Upgrade to Tahoe?
Many users have chosen to remain on macOS Sequoia rather than upgrading to the newer macOS Tahoe 26. This is a personal decision based on several factors:
Reasons to Stay on Sequoia
- Stability: Sequoia is a more mature operating system with most bugs worked out
- Compatibility: Some older apps may not work properly on Tahoe
- Hardware Performance: Some users report better performance on Sequoia, especially on older Macs
- Security Support: Apple continues to provide security updates for Sequoia
- Workflow Stability: If everything works perfectly now, why change?
Reasons to Upgrade to Tahoe
- New Features: Liquid Glass design, Edge Light, Phone app, Games app, and more
- Latest Security: First to receive new protections and improvements
- Apple Intelligence: Full access to AI features (on supported Macs)
- Longer Support: Will receive updates for years to come
- Performance: Better optimization on Apple Silicon (M-series) Macs
How Long Will Sequoia Receive Updates?
Based on Apple's historical patterns, macOS Sequoia will likely receive security updates for at least 2-3 years after Tahoe's release. This means security support until at least late 2027 or early 2028.
However, new features and major improvements will only come to macOS Tahoe and future versions.
Known Issues and Workarounds
Both updates are primarily security-focused and should not introduce new issues. However, some users have reported:
- Extended Install Times: The update may take 30-45 minutes to install, longer than typical point updates
- Safari Extensions: Some users need to re-enable Safari extensions after updating
- Gatekeeper Warnings: First app launches after updating may show additional security prompts
These are minor inconveniences compared to the security protection provided by the update.
Tips for Avoiding Malicious Websites
While updating your Mac protects against these specific WebKit vulnerabilities, practicing safe browsing habits is always important:
- Don't Click Suspicious Links: Be wary of links in emails, messages, or social media from unknown sources
- Verify URLs: Check that website addresses are correct before entering sensitive information
- Use Content Blockers: Safari extensions like AdGuard or 1Blocker can help prevent malicious content from loading
- Enable Safari Warnings: Make sure "Warn when visiting a fraudulent website" is enabled in Safari preferences
- Keep Everything Updated: Not just macOS, but all your apps and browsers
- Use a VPN: Especially on public Wi-Fi networks
What About Older macOS Versions?
Apple typically provides security updates for the current macOS version and the two previous major releases. This means:
- macOS Tahoe 26: Full feature and security support (current)
- macOS Sequoia 15: Security updates continue (15.7.3 released)
- macOS Sonoma 14: Security updates continue (14.8.3 released)
- macOS Ventura 13: May receive critical security updates but support winding down
- Older versions: No longer supported
If you're running macOS Monterey, Big Sur, or older, you should strongly consider upgrading to at least Sonoma to maintain security protection.
The Bigger Picture: Apple's Security Commitment
This security update demonstrates Apple's continued commitment to protecting users across multiple macOS versions. Key takeaways:
- Rapid Response: Apple patches actively exploited vulnerabilities quickly
- Multi-Version Support: Critical fixes reach users on older operating systems
- Transparency: Apple discloses when vulnerabilities are being exploited
- Regular Updates: Consistent security update schedule (typically every 4-6 weeks)
However, users must take action by actually installing these updates to be protected.
Checking Your Update Status
To verify that you've successfully installed the latest security update:
- Click the Apple menu () in the top-left corner
- Select About This Mac
- Look for your macOS version:
- macOS Sequoia 15.7.3 or later
- macOS Sonoma 14.8.3 or later
- macOS Tahoe 26.2 or later
If you see an older version number, return to Software Update and check again. Sometimes updates need to be run in sequence if you're several versions behind.
Update During the Holidays
With these updates released during the holiday season, it's especially important to update your Mac before traveling or using it on public networks. Take a few minutes to install the update before your holiday break to ensure your Mac is secure.
Looking Ahead: macOS Tahoe 26.3
For users who do choose to upgrade to macOS Tahoe, version 26.3 is currently in beta testing and expected to release in late January 2026. While no major new features have been announced, it will include additional security fixes and stability improvements.
Sequoia and Sonoma users can expect to receive security updates alongside Tahoe 26.3's release, continuing the pattern of parallel security support across multiple macOS versions.