What WebKit zero-day means for Apple users

Lewis Goor
Wednesday 16 February 2022

A zero-day vulnerability has been found in various Apple products. This means a security bug existed with no patch available, leaving systems open to cyber-attacks. Use this guidance to learn more about the vulnerability, whether you’re affected, and what you need to do.

About this vulnerability 

Cyber criminals can exploit this flaw by creating a malicious website. Once this website is live and a potential victim visits it, the attacker will be able to run programs on the victim’s device.

In practice, this would mean your iPhone, iPad or Mac would be infected once you visit the site. 

The vulnerability belongs to the Use-After-Free (UAF) class, meaning the issue stems from an application using memory incorrectly: it continues to use memory after that memory has been freed.

Who is affected? 

If you use the following devices or applications, you may be impacted by this vulnerability: 

  • iPhone 6S and newer
  • All models of iPad Pro 
  • iPad Air version 2 and newer 
  • iPad starting with 5th generation 
  • iPad mini starting with 4th generation 
  • iPod touch media player starting with 7th generation
  • Safari 
  • macOS Monterey 

This list is also available on Apple’s security updates page. 

What you need to do 

Apple has released a security patch to address this vulnerability. We have alerted those in an IT support role at the University, who may already have been in touch.

If you own any of the devices or use any of the applications listed above, update them as soon as possible. 

If your device was bought through your school, please discuss this with your Computing Officer.  

If you use a University-managed device, we will update it automatically and no action is needed.
