Security News > 2022 > October > Apple fixes new zero-day used in attacks against iPhones, iPads

In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year.
As Apple explains, if successfully exploited in attacks, this zero-day could have been used by potential attackers to execute arbitrary code with kernel privileges.
While Apple has disclosed that it knows of active exploitation reports of this vulnerability in the wild, it has yet to release any information regarding these attacks.
This will likely allow Apple customers to patch their devices before more attackers develop additional exploits and start using them in attacks targeting vulnerable iPhones and iPads.
In August, it fixed two more zero-days in the iOS Kernel and WebKit In March, Apple patched two zero-day in the Intel Graphics Driver and AppleAVD. In February, Apple released security updates to address another WebKit zero-day bug exploited to target iPhones, iPads, and Macs.
In January, Apple patched another pair of zero-days allowing code execution with kernel privileges and web browsing activity tracking.
News URL
Related news
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- SAP fixes suspected Netweaver zero-day exploited in attacks (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)