On Thursday, Apple released security updates for macOS Monterey, iOS, iPadOS, and Safari to fix an actively exploited vulnerability.
Apple describes the single vulnerability as follows:
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Available for: macOS Monterey
Available for: macOS Big Sur and macOS Catalina [as Safari 15.3]
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use after free issue was addressed with improved memory management.
CVE-2022-22620: an anonymous researcher
Little additional information is available about this specific vulnerability. However, given that Apple says that it “may have been active exploited”—meaning that it has reportedly been used in at least one in-the-wild attack—it’s important to update quickly.
After installing the latest updates, the new version numbers will be as follows:
The “actively exploited” nature of this vulnerability has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to order federal agencies to patch their affected systems no later than February 25.
Apple also released watchOS 8.4.2 on Thursday, which contained “no published CVE entries”—meaning that if any security updates were included, Apple is not disclosing them at this time.
It is unclear whether other Apple software, such as watchOS, tvOS, and iCloud for Windows, may require WebKit updates to address this vulnerability as well. If so, Apple may release additional updates in the near future.
To install the latest iOS or iPadOS updates, check the Settings app on your device: Settings > General > Software Update. The process is the same regardless of whether you use an iPhone, iPad, or iPod touch.
To install the latest watchOS update, make sure your iPhone is up to date first. Then ensure that your phone and watch are both connected to the same Wi-Fi network, and that your watch battery is charged to at least a 50%. Then open the Watch app on your phone, and tap General > Software Update.
You can get the latest macOS version (or Safari version) that’s compatible with your Mac by clicking on Apple menu > System Preferences… > Software Update.
If your Mac is running macOS High Sierra or older, look for macOS Monterey in the App Store and download it from there.
Note that although Apple released Safari updates for macOS Big Sur and macOS Catalina, it is best to upgrade to macOS Monterey if possible. Apple does not patch every security issue for older macOS versions; see Apple’s Poor Patching Policies Potentially Make Users’ Security and Privacy Precarious.
Apple’s Poor Patching Policies Potentially Make Users’ Security and Privacy Precarious
Whether you’re using iOS, iPadOS, or macOS, always back up your data before installing any updates. This gives you a restore point if something does not go as planned.
For details on how to back up your iPhone to your Mac or to iCloud (or both), see Should You Back Up Your iOS Device to iCloud or Your Mac?
For backing up your Mac, it’s ideal to follow a “3-2-1 backup strategy,” and to occasionally verify that your Mac is backing up successfully.
Data Backup Plan: How to Implement the 3-2-1 Backup Strategy
You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: