Security News > 2022 > February > Apple Patches Actively Exploited WebKit Zero Day
Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors already are actively exploiting to compromise iPhones, iPads and MacOS devices.
"Apple is aware of a report that this issue may have been actively exploited," the company wrote in its update notes.
Apple released separate security updates for its products to address the issue - macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1.
The flaw affects numerous Apple devices, including iPhone 6s and later; all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch 7th generation.
The update is the second time this year that Apple has had to issue a patch for a zero day.
Last year Apple also patched several zero-day vulnerabilities, including a zero-click zero-day exploited by the NSO Group's Pegasus spyware and a memory-corruption flaw in its iOS and macOS platforms that could allow for system takeover.
News URL
https://threatpost.com/apple-patches-actively-exploited-webkit-zero-day/178370/
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)