Apple has issued iOS, iPadOS and macOS security patches for a major vulnerability that was found to be affecting a large number of its device.
The vulnerability, tracked as CVE-2022-22620, was being abused in the wild, allowing threat actors to execute any code (including malware (opens in new tab)) on a compromised device, or even crash the OS.
"Apple is aware of a report that this issue may have been actively exploited," the company said in the announcement following the release of the patch, which is part of iOS and iPadOS versions 15.3.1., while macOS Monterey is now at 12.2.1.
Numerous models affected
All iPhones, from iPhone 6S onwards, are affected by the vulnerability, as are all models of the iPad Pro, all iPad Air models starting from Air 2, iPad 5 and onwards, iPad mini 4 and newer, as well as the iPod touch 7. Furthermore, all Macs running macOS Monterey were vulnerable.
So far, it appeares that the vulnerability was likely only used in targeted attacks, meaning the average user is probably under no immediate threat. Still, everyone is advised to update their devices to the newest version, as soon as possible.
> Apple fixes yet more iOS zero-day security threats (opens in new tab)
> Apple apologizes for slow reply to iOS 15 zero-days (opens in new tab)
> This serious iPhone security flaw was exploited by a second Israeli spy firm (opens in new tab)
When it comes to patching up dangerous system vulnerabilities, Apple has started the year on a high note. Last month, two of the zero-days that were found to have been exploited in the wild were patched - CVE-2022-22587 and CVE-2022-22594. These affected iPhones, mac OS Monterey-powered Macs, and a couple of iPads.
Late last year, the company was criticized for being slow to respond to news of newly discovered zero-days. It has even gotten to the point where the company had to issue a formal apology to the cybersecurity community:
"We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you," an Apple employee wrote in an email to a cybersecurity researcher Denis Tokarev last September.
- Here's our rundown of the best endpoint security (opens in new tab) solutions right now
Via: BleepingComputer (opens in new tab)