Security News > 2022 > December > New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products
Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code.
The company said it's "Aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.".
It's worth noting that every third-party web browser that's available for iOS and iPadOS, including Google Chrome, Mozilla Firefox, and Microsoft Edge, and others, is required to use the WebKit rendering engine due to restrictions imposed by Apple.
The update, which is available with iOS 15.7.2, iPadOS 15.7.2, macOS Ventura 13.1, tvOS 16.2, and Safari 16.2, arrives two weeks after Apple patched the same bug in iOS 16.1.2 on November 30, 2022.
The fix marks the resolution of the tenth zero-day vulnerability discovered in Apple software since the start of the year.
The latest iOS, iPadOS, and macOS updates also introduce a new security feature called Advanced Data Protection for iCloud that expands end-to-end encryption to iCloud Backup, Notes, Photos, and more.
News URL
https://thehackernews.com/2022/12/new-actively-exploited-zero-day.html
Related news
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)