Organizations with iPhones, iPads in their IT environment should apply a new Apple security update that fixes a new zero day code execution vulnerability that has been exploited in the wild.
In an advisory, Apple said the issue impacts a wide range of devices, including: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
According to BleepingComputer, it also affects Macs running macOS Monterey.
The company says an attacker could use maliciously crafted web content to execute arbitrary code, and it may have been exploited in the wild.
The bug, CVE-2022-22620, was reported by an anonymous user.
“Processing maliciously crafted web content may lead to arbitrary code execution,” the company said in an advisory. “Apple is aware of a report that this issue may have been actively exploited.”
MacWorld reports that the vulnerability is in Webkit, Apple’s web rendering engine, that is used by all browsers on iOS and ipadOS, not just Safari, meaning all vulnerable devices are impacted, regardless of what browser is being used.
Organizations with those devices in their estate are urged to apply iOS 15.3.1, iPadOS 15.3.1, and macOS Monterey 12.2.1.
At the time of publication, little further details were available as the company is giving users time to apply the patches.
Leave a Reply