Security News > 2022 > September > Apple fixes eighth zero-day used to hack iPhones and Macs this year

Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year.
In security advisories issued on Monday, Apple revealed they're aware of reports saying this security flaw "May have been actively exploited."
iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch to Macs running macOS Big Sur 11.7 after releasing additional security updates on August 31 to address the same bug on iOS versions running on older iPhones and iPads.
By refusing to release this info, Apple likely wants to allow as many customers as possible to patch their devices before other attackers develop their own exploits and start deploying them in attacks targeting vulnerable iPhones and Macs.
In March, Apple patched two zero-day bugs in the Intel Graphics Driver and AppleAVD. In February, Apple released security updates to fix another WebKit zero-day bug exploited in attacks against iPhones, iPads, and Macs.
In January, Apple patched two other exploited zero-days that enabled code execution with kernel privileges and web browsing activity tracking.
News URL
Related news
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) (source)
- Serbian police used Cellebrite zero-day hack to unlock Android phones (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)