Apple has released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company’s third zero-day patch since the start of the year.
Tracked as CVE–2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and could be exploited by a piece of specially crafted web content to gain arbitrary code execution.
Actively Exploited In The Wild
“Apple is aware of a report that this issue may have been actively exploited,” the company said in a terse statement acknowledging in-the-wild attacks leveraging the flaw.
The iPhone maker credited an anonymous researcher for discovering and reporting the flaw, adding it remediated the issue with improved memory management.
Apple Releases Updates to Patch The Flaw
The updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation), macOS devices running Big Sur and macOS Catalina, and also as a standalone update for Safari.
The latest fix brings the tally of zero-day patches issued by Apple for 2022 to three, including CVE-2022-22587 and CVE-2022-22594, that could have been exploited to run arbitrary code and track users’ online activity in the web browser.
You may also enjoy reading, CVEs You May Have Missed While Log4J Stole The Headlines
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.