Security News > 2022 > August > Apple releases Safari 15.6.1 to fix zero-day bug used in attacks
Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs.
"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited," warns Apple in a security bulletin released today.
Apple says they fixed the bug through improved bounds checking.
Apple says the vulnerability was disclosed by a researcher who wishes to remain anonymous.
This zero-day vulnerability is the same one that was patched by Apple yesterday for macOS Monterey and iPhone/iPads.
Apple has not provided details on how the vulnerability is being used in attacks other than saying that it "May have been actively exploited."
News URL
Related news
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- SAP fixes suspected Netweaver zero-day exploited in attacks (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)