Apple has rolled out important security updates to fix a new zero-day vulnerability that could allow attackers to hack iPhones, iPads, and Macs.
The zero-day vulnerability, tracked as CVE-2022-22620, was disclosed to Apple by an anonymous researcher. It is a use-after-free memory corruption bug in the WebKit rendering engine, which powers Apple’s web browser Safari.
Successful exploitation of CVE-2022-22620 could lead to arbitrary code execution on a range of Apple devices when they process maliciously crafted web content.
“Apple is aware of a report that this issue may have been actively exploited,” the company said in a statement while acknowledging the flaw. However, it has yet to provide more technical details on the vulnerability.
The Cupertino giant has addressed the issue with improved memory management, shipping the fix in iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3 (v. 166126.96.36.199.8 and 156188.8.131.52.8) for macOS Big Sur and Catalina.
The iOS 15.3.1 and iPadOS 15.3.1 update patches a significant WebKit vulnerability that affects all browsers on iPhones and iPads, as well as an accessibility bug that may cause Braille displays to stop responding.
Apple has also released macOS Monterey 12.2.1, which applies the improved memory management fix to its Mac-based browser and also addresses a Bluetooth-related battery-drain issue on MacBooks that run on Intel CPUs.
“macOS 12.2.1 provides important security updates and fixes an issue for Intel-based Mac computers that may cause the battery to drain during sleep when connected to Bluetooth peripherals,” said Apple in the patch notes for Mac.
The complete list of affected models is given below:
- iPhone 6s and later
- iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Macs running macOS Monterey
All Apple users are strongly recommended to update their iPhones, iPads, and Macs to the latest version of the operating system to prevent potential attacks.