Security News > 2023 > April > Apple fixes recently disclosed zero-days on older iPhones and iPads
Apple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs.
The second zero-day is a WebKit use after free that can let threat actors execute malicious code on compromised iPhones, Macs, or iPads after tricking their targets into loading malicious web pages.
Today, Apple addressed the zero-days in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6 by improving input validation and memory management.
iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, iPod touch, and Macs running macOS Monterey and Big Sur.
CISA also ordered federal agencies to patch their devices against these two security vulnerabilities, known as being actively exploited in the wild to hack iPhones, Macs, and iPads.
In mid-February, Apple patched another WebKit zero-day that was in attacks to trigger crashes and gain code execution on vulnerable iOS, iPadOS, and macOS devices.
News URL
Related news
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon (source)
- Apple fixes this year’s first actively exploited zero-day bug (source)
- Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers (source)