Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw

News

Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company’s third zero-day patch since the start of the year.

Automatic GitHub Backups

Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and could be exploited by a piece of specially crafted web content to gain arbitrary code execution.

“Apple is aware of a report that this issue may have been actively exploited,” the company said in a terse statement acknowledging in-the-wild attacks leveraging the flaw.

The iPhone maker credited an anonymous researcher for discovering and reporting the flaw, adding it remediated the issue with improved memory management.

The updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation), macOS devices running Big Sur and macOS Catalina, and also as a standalone update for Safari.

Prevent Data Breaches

The latest fix brings the tally of zero-day patches issued by Apple for 2022 to three, including CVE-2022-22587 and CVE-2022-22594, that could have been exploited to run arbitrary code and track users’ online activity in the web browser.

Products You May Like

Articles You May Like

Microsoft Upgrades Windows 11 With New Security Features
Air Force Upgrades Digital Modernization Strategy to “As a Service” Model
Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet
Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released
Hackers Deploy Malicious OAuth Apps to Compromise Email Servers, Spread Spam

Leave a Reply

Your email address will not be published.