Skip to content

Apple has released security updates for a zero-day vulnerability that affects both the kernel and WebKit (Apple’s web browser engine that powers Safari) iOS devices and could allow an attacker to execute code remotely. Tracked as CVE-2022-32893 and CVE-2022-32894, this vulnerability affects almost all newer iOS products. Apple has warned that “this issue may have been actively exploited” in a security advisory released alongside the update.  

As this vulnerability affects the engine used in Apple’s Safari browser, attackers can use malicious websites to gain kernel-level access to a vulnerable system, allowing them to take full control of a device at an administrator level. Security experts have warned that a successful exploit could allow a hacker to spy on, download and start apps, access all device data, activate the camera and microphone, and track your browser and location data, among countless other possibilities.


Update all Apple devices as soon as possible. For iPhones or iPads, you can do this by going to Settings > General > Software Update, and on Macs, you can do this by going to the Apple menu > About this Mac > Software Update.

Affected Systems: 

iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation), macOS Monterey, macOS Big Sur, and macOS Catalina.

Related Links: