Update Your iPhone, iPad And Mac Immediately To Plug Huge Safari Security Holes
Apple has released an update for your iPhone that you are going to want to download as soon as possible. Update iOS 15.3 includes a patch to fix a security vulnerability in Safari that could leak your browser history, as well as a second fix for a memory corruption bug that affects iOS, iPadOS, and macOS Monterey.
If you are a business owner that has been using devices like the Square Terminal, Apple is working on a solution that will untether you from those devices and allow you to accept payments using just your iPhone. Apple also announced this week its latest Shot on iPhone challenge, that will have owners getting up close and personal with their smartphones. The challenge focuses on the macro feature on the iPhone 13 Pro and Pro Max. If you are currently using an iPhone, iPad, or macOS Monterey, you will want to make sure you update your device to the latest firmware as soon as you can.
CVE-2022-22594 is a recently discovered vulnerability in Apple's Safari web browser. This vulnerability has the potential to leak sensitive data from your browsing history in Safari 15. The bug can also disclose personal identifiers, such as your Google User ID. It was uncovered by researchers with security firm FingerprintJS. The firm identified the bug in Safari's application of the IndexedDB API, which "lets any website track your internet activity and even reveal your identity."
In a report from the firm, it stated, "We checked the homepages of Alexa's Top 1,000 most visited websites to understand how many websites use IndexedDB and can be uniquely identified by the databases they interact with indexed databases directly on their homepage, without any additional user interaction or the need to authenticate."
9to5Mac stated it has tested today's updates and found that it has in fact fixed the Safari security vulnerability. To update your iPhone or iPad, head to the Settings app > General > Software Update and tap Install Now.
Also included in today's update is a fix for a memory corruption bug in the IOMobileFrameBuffer (CVE-2022-22587) that affects iOS, iPadOS, and macOS Monterey. Apple said in its statement concerning the fixes, "Apple is aware of a report that this issue may have been actively exploited." Under the right situation, this bug could potentially lead to kernel-level code execution.
Devices that are impacted include:
- iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- MacOS Monterey