What happened
Apple has released a security update that fixes a zero-day vulnerability actively exploited in highly sophisticated attacks against iOS and iPadOS devices. According to the report, the flaw, tracked as CVE-2026-22399, exists in the WebKit browser engine and could allow malicious web content to execute arbitrary code when processed by a vulnerable device. Apple’s advisory stated that the issue was actively abused in the wild, with attackers crafting web content that could trigger the vulnerability when a user visited a malicious site. The company credited anonymous researchers for reporting the flaw and said the exploit was part of a set of tailored attacks targeting specific devices. Apple addressed the vulnerability in its latest updates for iOS, iPadOS, and Safari, urging users to install the patches to mitigate potential exploitation.
Who is affected
Users of Apple devices running iOS, iPadOS, or Safari that had not yet received the updated software are affected, as the zero-day flaw could be exploited through malicious web content to execute code on impacted devices.
Why CISOs should care
The active exploitation of a zero-day in a widely deployed mobile platform underscores ongoing risks from sophisticated web-based attack vectors and the importance of rapid patch adoption to mitigate targeted compromise.
3 practical actions
- Apply Apple’s security updates. Ensure iOS, iPadOS, and Safari deployments are updated to the latest versions that patch CVE-2026-22399.
- Monitor web traffic for malicious content. Detect and block access to domains serving weaponized web pages linked to the vulnerability.
- Educate users on safe browsing. Advise stakeholders to avoid interacting with untrusted web content on mobile devices pending update deployment.