Security News > 2022 > February > Apple Patches Actively Exploited WebKit Zero Day

Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors already are actively exploiting to compromise iPhones, iPads and MacOS devices.
"Apple is aware of a report that this issue may have been actively exploited," the company wrote in its update notes.
Apple released separate security updates for its products to address the issue - macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1.
The flaw affects numerous Apple devices, including iPhone 6s and later; all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch 7th generation.
The update is the second time this year that Apple has had to issue a patch for a zero day.
Last year Apple also patched several zero-day vulnerabilities, including a zero-click zero-day exploited by the NSO Group's Pegasus spyware and a memory-corruption flaw in its iOS and macOS platforms that could allow for system takeover.
News URL
https://threatpost.com/apple-patches-actively-exploited-webkit-zero-day/178370/
Related news
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)