Apple Patches Actively Exploited Zero Day Threat On iPhone, iPad And Mac, Update Now
Apple has had to deal with a spate of security related issues as of late. Recently, the company addressed some issues related to it AirTag products. Siri also had a bit of an overshare problem for a while there, and now Apple has has yet another security patch rollout to address a major exploit affecting three of its major product lines.
iPhones, iPads, and Macs share a significant security flaw labeled CVE-2022-22620. This particular flaw can potentially wreak havoc on an affected device by allowing arbitrary code execution. Arbitrary code execution allows an attacker to make the device execute any code they wish. If exploited, a malicious user could download a file, run it, bypass certain restrictions, gain full access to the computer or device, and you know where the story goes from there. The issue is part of Apple's WebKit API along with a function called Use After Free.
Apple has released a patch for all affected devices. Some targeted attacks may have utilized the exploit, though. The latest update for each affected device should resolve this issue, however, and it also looks like the patch improves some memory management functionality as well.
Affected devices include:
- Macs with macOS Monterey 12.2.0 and below
- iPhones and iPads with iOS or iPadOS 15.3.0 and below
This is the third zero-day patch Apple has issued in 2022, and will obviously not be the last. The updates for macOS is 12.21 and for iPadOS and iOS is 15.3.1 are available at these links. We recommend you update your devices, if you have anything listed, immediately.
iPhone and iPad devices that need to be updated include:
- iPhone 6s and later
- iPad Pro (all models)
- iPad Air 2 and later
- iPad 5th generation and later
- iPad mini 4 and later
Any mac capable of running macOS Monterey will support the update as well.