Security News > 2022 > February > Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw
Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year.
Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and could be exploited by a piece of specially crafted web content to gain arbitrary code execution.
"Apple is aware of a report that this issue may have been actively exploited," the company said in a terse statement acknowledging in-the-wild attacks leveraging the flaw.
The iPhone maker credited an anonymous researcher for discovering and reporting the flaw, adding it remediated the issue with improved memory management.
The updates are available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch, macOS devices running Big Sur and macOS Catalina, and also as a standalone update for Safari.
The latest fix brings the tally of zero-day patches issued by Apple for 2022 to three, including CVE-2022-22587 and CVE-2022-22594, that could have been exploited to run arbitrary code and track users' online activity in the web browser.
News URL
https://thehackernews.com/2022/02/apple-releases-ios-ipados-macos-updates.html
Related news
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-18 | CVE-2022-22620 | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 8.8 |
2022-03-18 | CVE-2022-22594 | Origin Validation Error vulnerability in Apple products A cross-origin issue in the IndexDB API was addressed with improved input validation. | 6.5 |
2022-03-18 | CVE-2022-22587 | Out-of-bounds Write vulnerability in Apple Iphone OS and Macos A memory corruption issue was addressed with improved input validation. | 9.8 |