Apple fixes zero-day flaws in WebKit for sophisticated attacks

English

Apple has addressed two zero-day vulnerabilities in its WebKit engine that were exploited in sophisticated attacks. The company released patches to fix these bugs, enhancing security for users of its devices.

Apple announced fixes for two zero-day flaws in WebKit, the engine powering Safari and other web technologies on its platforms. These vulnerabilities were actively exploited in what the company described as sophisticated attacks, posing risks to user data and device integrity.

The patches were issued as part of Apple's regular security updates, targeting iOS, iPadOS, macOS, and other affected systems. WebKit's role in rendering web content makes it a frequent target for attackers seeking to execute malicious code.

No specific details on the nature of the exploits or affected users were provided in the announcement, but Apple emphasized the importance of updating devices promptly to mitigate risks. This move underscores ongoing efforts to counter advanced cyber threats in the ecosystem.

Related Articles

Apple releases iOS 26.2 and ecosystem updates with critical security fixes and app enhancements

Apple began rolling out iOS 26.2 on December 12, 2025, patching two zero-day WebKit vulnerabilities actively exploited in sophisticated targeted attacks, plus over two dozen other bugs. The update adds UI improvements like expanded Liquid Glass customization and app features for Apple Music, Podcasts, and more. Companion updates for iPadOS, macOS, watchOS, tvOS, and visionOS focus on convenience and security. At least half of iPhone owners have yet to update to iOS 26 or later, risking exposure.

Apple releases first iOS 26.3.1 (a) background security improvement

Reported by AI

Apple has released iOS 26.3.1 (a), described as its first Background Security Improvement, to address a WebKit issue on iPhones. The update targets the engine powering Safari and third-party browsers. Apple urges all users to install it.

Technology

North Korean hackers exploit maximum severity React2Shell flaw

Technology

WatchGuard Firebox OS patches critical security flaw

Technology

New DarkSword tool targets hundreds of millions of iPhones

Veeam patches three critical security flaws in backup servers

Veeam has addressed three critical-severity security vulnerabilities that could expose backup servers to remote code execution attacks. The company issued patches to mitigate these risks. The announcement highlights ongoing concerns in cybersecurity for data protection tools.

Chinese hackers install backdoors via Cisco email zero-day

Reported by AI

Cisco Talos has detailed how a Chinese-linked group is exploiting an unpatched zero-day in email security appliances since late November 2025, deploying backdoors and log-wiping tools for persistent access.

Technology

Russian hackers exploit Microsoft Office vulnerability days after patch

Technology

Apple rolls out iOS 26.2 changes in Japan: alternative app stores, payments, browsers under MSCA

Linux

GNU C Library fixes security issue from 1996

March 25, 2026 00:25

Apple releases iOS 26.4 and updates across major platforms

February 18, 2026 11:16

Dell zero-day flaw unpatched for nearly two years

February 05, 2026 15:05

Critical flaws discovered in n8n workflow tool

February 04, 2026 10:58

More than 40,000 WordPress sites affected by malware flaw

January 31, 2026 14:04

Apple updates decade-old iPhones to sustain iMessage

January 27, 2026 23:02

Microsoft patches security flaw in Office software

January 14, 2026 15:44

Six Apple apps hit by subscription changes

January 08, 2026 08:48

The myth of Linux's invincibility in enterprise security

December 22, 2025 16:25

HPE urges immediate patching of OneView after critical security flaw found

December 19, 2025 11:19

Cisco email security products targeted in zero-day campaign

 

 

 

This website uses cookies

We use cookies for analytics to improve our site. Read our privacy policy for more information.
Decline