Apple has released a fix for a zero-day vulnerability that attackers could exploit to take full control of an iPhone, iPad, or computer running macOS Monterey. The tech giant’s security advisory is quite detailed, and it identifies CVE-2022-3289 as a vulnerability discovered by an anonymous researcher. It says the flaw could be exploited “to execute arbitrary code with kernel privileges,” meaning attackers could act as a user and gain administrative control over the target device. The company is aware that the vulnerability may already have been exploited.
Apple has also released a fix for a vulnerability affecting WebKit, the engine used by Safari, Mail, and many other iOS and macOS apps. According to the company, it allows attackers to run arbitrary code and could be used, among other things, to download more malware. As with the first vulnerability, Apple credits the discovery of this flaw to an anonymous researcher and is aware that it may already have been exploited and used to compromise iOS and Mac devices.
Both bugs are present in macOS Monterey 12.5.1, and Apple has rolled out a patch for the operating system. Both also affect the same iPhones and iPads, specifically: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th gen and later, iPad mini 4 and later, and iPod touch (7th generation). Since both vulnerabilities are likely being actively exploited, owners of any of the devices listed above should probably install the patches by downloading the latest software update.