THUNDER BAY – TECH – If you use an iPhone, iPad, or Mac computer, this one is for you.
Apple has released a high priority security upgrade for iOS 15.3.1, iPadOS 15.3.1, and macOS 12.2.1.
This upgrade will fix a critical Webkit zero-day vulnerability that may have already been used in the wild.
Apple’s release notes describe the security content as follows:
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A use after free issue was addressed with improved memory management.
- CVE-2022-22620: an anonymous researcher
Webkit is Apple’s web rendering engine, and it is required to be used by all browsers on iOS, iPadOS, and macOS not just Safari. This means that no matter what browser you use on your iPhone, iPad, or Mac it’s possible for users to craft web content in such a way that it allows them to run anything on your device. And worse, it may have already been used in the real world, rather than just discovered by security researchers.