iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
Last Updated: 2022-02-10 19:18:47 UTC
by Johannes Ullrich (Version: 1)
Apple today released updates for iOS, iPadOS and macOS.
The update fixes a single WebKit vulnerability, CVE-2022-22620. This vulnerability was reported by an anonymous researcher. It has already been exploited in the wild which explains the expedited release of this upgrade.
WebKit vulnerabilities are typically exploited by exposing the device to a malicious webpage, but anything rendered using the WebKit engine could potentially be used to expose the vulnerability.
With this update, you will be running macOS Monterey 12.2.1 and iPad or iOS 15.3.1. Currently, it isn't clear if other devices using WebKit are vulnerable, or if the patch will be released as a Safari update for older macOS versions. But typically, Apple does not release vulnerability information until all affected operating systems are patched.
Apple also released a new version of WatchOS, but according to Apple, no vulnerabilities are fixed.
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu