Security News > 2022 > December > Apple Patches iPhone Zero-Day
The most recent iPhone update-to version 16.1.2-patches a zero-day vulnerability that "May have been actively exploited against versions of iOS released before iOS 15.1.".
Apple said security researchers at Google's Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug.
WebKit bugs are often exploited when a person visits a malicious domain in their browser.
It's not uncommon for bad actors to find vulnerabilities that target WebKit as a way to break into the device's operating system and the user's private data.
WebKit bugs can be "Chained" to other vulnerabilities to break through multiple layers of a device's defenses.
News URL
https://www.schneier.com/blog/archives/2022/12/apple-patches-iphone-zero-day.html
Related news
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)