Security News > 2022 > January > Apple fixes new zero-day exploited to hack macOS, iOS devices
Apple has released security updates to fix two zero-day vulnerabilities, with one publicly disclosed and the other exploited in the wild by attackers to hack into iPhones and Macs.
The first zero-day patched today [1, 2] is a memory corruption bug in the IOMobileFrameBuffer that affects iOS, iPadOS, and macOS Monterey.
The second zero-day is a Safari WebKit bug in iOS and iPadOS that allowed websites to track your browsing activity and users' identities in real-time.
After the researcher disclosed the bug, it was assigned the CVE-2022-22594 and fixed in today's iOS 15.3 and iPadOS 15.3 security update.
These bugs are the first zero-day vulnerabilities fixed by Apple in 2022.
Apple fixed what felt like a never-ending stream of zero-day bugs in 2021 that were used in attacks against iOS and macOS devices.
News URL
Related news
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Apple fixes this year’s first actively exploited zero-day bug (source)
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple plugs security hole in its iThings that's already been exploited in iOS (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) (source)
- How to secure Notes on iOS and macOS (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-18 | CVE-2022-22594 | Origin Validation Error vulnerability in Apple products A cross-origin issue in the IndexDB API was addressed with improved input validation. | 6.5 |