Apple Released Patches to Address Web-Kit ZeroDay
Apple has released security updates to macOS, iOS, and iPadOS to address a zero-day vulnerability in the WebKit browser engine that attackers may already have used in the wild.
The vulnerability tracked as CVE-2022-22620, a use after free issue that was addressed with improved memory management. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
The WebKit is used in Safari, Mail, App Store, and many other apps on macOS, iOS, and Linux. WebKit can’t really be avoided; the best way to mitigate the risk posed by this vulnerability is to update.
An update resolves an issue for Intel-based Mac computers that may cause the battery to drain during sleep when connected to Bluetooth peripherals, a better update for Mac users
Apple says iOS 15.3.1 and iPadOS 15.3.1 are available for these devices: “iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).” All macOS 12-compatible devices can install macOS 12.2.1.