Security News > 2022 > February > Apple Patches Actively Exploited WebKit Zero Day
Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors already are actively exploiting to compromise iPhones, iPads and MacOS devices.
"Apple is aware of a report that this issue may have been actively exploited," the company wrote in its update notes.
Apple released separate security updates for its products to address the issue - macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1.
The flaw affects numerous Apple devices, including iPhone 6s and later; all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch 7th generation.
The update is the second time this year that Apple has had to issue a patch for a zero day.
Last year Apple also patched several zero-day vulnerabilities, including a zero-click zero-day exploited by the NSO Group's Pegasus spyware and a memory-corruption flaw in its iOS and macOS platforms that could allow for system takeover.
News URL
https://threatpost.com/apple-patches-actively-exploited-webkit-zero-day/178370/
Related news
- Apple fixes this year’s first actively exploited zero-day bug (source)
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)