Security News > 2022 > February > Apple zero-day drama for Macs, iPhones and iPads – patch now!

Here on Naked Security, we've been lamenting the mysterious nature of Apple's security updates for ages.
In the sudo bug case, Apple did eventually come to the party, and updated its own products in September.
That's where Apple users are today, following last night's release of emergency updates for macOS, iOS and iPadOS. If this were a Microsoft patch, we'd probably be referring to it as "Out of band", a jargon term commonly used to denote that an update is a critical one-off that just couldn't wait for the next round of scheduled updates, and therefore doesn't fit into the expected cycle.
Bugs in WebKit also affect every browser on iPhones and iPads, even non-Apple browsers like Firefox, Edge and Chrome, because Apple won't allow other vendors' browsers into the App Store if they bring their own low-level browser engine with them: under the surface, it's WebKit or nothing.
Update to Safari 15.3*: For users of the previous two macOS versions, Catalina and Big Sur, the patch comes as a Safari-only update, and doesn't change your operating system build number.
In the list above, you'll note that we wrote Safari 15.3* for Catalina and Big Sur users, which is how Apple denotes the patch in its own bulletin.
News URL
Related news
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Emergency patch for potential SAP zero-day that could grant full system control (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)