Apple Releases Patches for Major iOS, macOS amid Security Vulnerabilities
TEHRAN (Tasnim) - Apple issued a patch for a zero-day vulnerability that bad actors could use to gain complete control of an iPhone, iPad, or computer running macOS Monterey.
The security advisory from the tech giant is brief, but it identifies CVE-2022-3289 as a vulnerability discovered by an anonymous researcher, Engadget reported.
According to the report, the flaw could be used to "execute arbitrary code with kernel privileges," which means attackers could impersonate the user and gain administrative control of the target device. According to the company, the vulnerability has already been exploited.
In addition, Apple has also rolled out a fix for a vulnerability affecting WebKit, the engine used by Safari, Mail and many other iOS and macOS apps. According to the company, it allows attackers to arbitrarily execute code and could hence be used to, among other things, download more malware. Like the first vulnerability, Apple credits an anonymous researcher for the discovery of this flaw — it also knows that it may have already been exploited and used to compromise iOS and Mac devices.
Both flaws are present in macOS Monterey 12.5.1, and Apple has rolled out a patch for the operating system.
They both affect the same set of iPhones and iPads, as well, particularly: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod touch (7th generation).
Since both flaws are likely being actively exploited right now, it's probably wise for owners of all the aforementioned devices to install the patches by downloading the latest software update.
