Apple Patched A Zero-Day Under Attack With iOS 15.3.1

Weeks after releasing the major iOS update 15.3, Apple has released another update. With iOS 15.3.1, the tech giant has fixed a severe zero-day vulnerability that is under active attack. Users need to update their devices once again to get the patch.

iOS 15.3.1 Fixed Zero-Day

Describing the flaw in an advisory, Apple mentioned the active exploitation of a zero-day bug affecting iOS devices. This vulnerability, CVE-2022-22620, existed in WebKit, Safari's browser engine, and exploiting it could allow code execution.

Apple hasn’t named the researcher who reported this flaw to the tech giant. But the firm did explain the impact of its exploitation, stating,

Processing maliciously crafted web content may lead to arbitrary code execution.

The Cupertino giant also admitted to having received reports of active exploitation of the flaw.

Nonetheless, it has now patched this zero-day bug with iOS 15.3.1 and iPadOS 15.3.1. Regarding the fix, the advisory reads,

A use after free issue was addressed with improved memory management.

This update is available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th gen and later, iPad mini 4 and later, and iPod touch (7th gen).

The new iOS update has arrived only two weeks after the major iOS 15.3 update. That earlier release also addressed numerous security vulnerabilities, including two zero-day bugs.

Since the vulnerability in question affected Apple’s Safari browser, Mac users required a fix too.

Therefore, Apple has also rolled out the macOS Monterey 12.2.1 update with the WebKit patch. This update also arrives a month after the macOS Monterey 12.1 update that patched a critical security bypass vulnerability.

Other Safari users can also receive the fix by downloading the latest browser update (Safari 15.3).

While the recent updates carry only a single security fix, active exploits exist for the flaw, so all Apple users should update their devices as soon as possible.
