Apple claims that a zero-day vulnerability in WebKit is affecting iOS and macOS devices

Apple’s battles with zero-day assaults on its iOS and macOS systems aren’t going away any time soon.

Cupertino has published patches for iOS, iPadOS, and macOS for the second time in as many months to resolve a severe WebKit security flaw (CVE-2022-22620) that exposes Apple devices to remote code execution threats.


“Processing maliciously designed web content may result in the execution of arbitrary code.” “Apple is aware of a report that this vulnerability has been aggressively exploited,” the company said in a brief statement.


Apple did not give specifics on the scale of the attack, the platform that was targeted, or any symptoms of compromise to aid defenders in their search for signs of infection, as is normal.

An anonymous researcher identified a use-after-free memory corruption problem in WebKit, which was patched in iOS 15.3.1, iPadOS 15.3.1, and macOS Monterey 12.2.1. Apple claims that the WebKit code has been cleaned up and memory management has been enhanced.

Apple has patched the second “actively exploited” zero-day in the first two months of 2022. The business used similar terminology when it revealed zero-day attacks targeting a memory corruption flaw in IOMobileFrameBuffer, an often-targeted iOS kernel extension, late last month.


Apple’s security response team dealt with at least 17 documented zero-day assaults in the field last year.