Security News > 2022 > August > Apple security updates fix 2 zero-days used to hack iPhones, Macs
Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs.
Today, Apple has released macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1 to resolve two zero-day vulnerabilities that are reported to have been actively exploited.
The second zero-day vulnerability is CVE-2022-32893 and is an out-of-bounds write vulnerability in WebKit, the web browser engine used by Safari and other apps that can access the web.
Likely, these zero-days were only used in targeted attacks, but it's still strongly advised to install today's security updates as soon as possible.
In March, Apple patched two more zero-day bugs that were used in the Intel Graphics Driver and AppleAVD that could also be used to execute code with Kernel privileges.
In February, Apple released security updates to fix a new zero-day bug exploited to hack iPhones, iPads, and Macs, leading to OS crashes and remote code execution on compromised devices after processing maliciously crafted web content.
News URL
Related news
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Serbian police used Cellebrite zero-day hack to unlock Android phones (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Update Your iPhone Now to Fix Safari Security Flaw (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-24 | CVE-2022-32893 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue was addressed with improved bounds checking. | 8.8 |