Apple Fixes Zero-Day Flaw Used in Extremely Sophisticated Attacks

Related

New macOS Malware Uses Fake Errors to Confuse AI Analysis Tools

What happened A newly discovered macOS malware family named Gaslight...

Unpatchable usbliter8 Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

What happened Security researchers at Paradigm Shift published a working...

Apple Feature Will Automatically Change Compromised Passwords

What happened Apple announced a new Apple Intelligence-powered feature that...

Apple Account Change Alerts Abused to Send Phishing Emails

What happened Threat actors are abusing Apple's account change notification...

Share

What happened

Apple has released a security update that fixes a zero-day vulnerability actively exploited in highly sophisticated attacks against iOS and iPadOS devices. According to the report, the flaw, tracked as CVE-2026-22399, exists in the WebKit browser engine and could allow malicious web content to execute arbitrary code when processed by a vulnerable device. Apple’s advisory stated that the issue was actively abused in the wild, with attackers crafting web content that could trigger the vulnerability when a user visited a malicious site. The company credited anonymous researchers for reporting the flaw and said the exploit was part of a set of tailored attacks targeting specific devices. Apple addressed the vulnerability in its latest updates for iOS, iPadOS, and Safari, urging users to install the patches to mitigate potential exploitation.

Who is affected

Users of Apple devices running iOS, iPadOS, or Safari that had not yet received the updated software are affected, as the zero-day flaw could be exploited through malicious web content to execute code on impacted devices.

Why CISOs should care

The active exploitation of a zero-day in a widely deployed mobile platform underscores ongoing risks from sophisticated web-based attack vectors and the importance of rapid patch adoption to mitigate targeted compromise.

3 practical actions

  • Apply Apple’s security updates. Ensure iOS, iPadOS, and Safari deployments are updated to the latest versions that patch CVE-2026-22399.
  • Monitor web traffic for malicious content. Detect and block access to domains serving weaponized web pages linked to the vulnerability.
  • Educate users on safe browsing. Advise stakeholders to avoid interacting with untrusted web content on mobile devices pending update deployment.
IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.