Apple is rolling out security patches for iOS and macOS. Two zero-day flaws could offer full control to the attacker. Update as soon as possible.
Apple recently deployed a security patch for a zero-day flaw that malicious people could exploit to take full control of an iPhone, iPad or computer running macOS Monterey. The security brief given by the tech giant is rather light on details, but it does refer to the CVE-2022-3289 flaw, discovered by an anonymous researcher.
Apple rolls out security patches for iOS and macOS
According to the information, this flaw could be exploited “to execute arbitrary code with administrator privileges”, which means that attackers could impersonate the legitimate user of the device and gain administrative control of the target machine. The Cupertino company explains that it has been informed that this vulnerability has already been exploited.
Two zero-day flaws could give the attacker full control
In addition, the Apple brand has deployed a patch for a flaw affecting WebKit, the rendering engine used by Safari, Mail and many other iOS and macOS apps. According to the company, the latter allows attackers to execute arbitrary code, which could allow, among other things, to download more malware on the machine. Like the first flaw, Apple credits an anonymous researcher for discovering this vulnerability, and explains that it has been informed that it has already been used to compromise iOS and macOS devices.
These two flaws are present in macOS Monterey 12.5.1 and Apple has released a patch for the operating system. They affect some iPhones and iPads the same way: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, fifth-generation iPad and newer, iPad mini 4 and newer as well as the iPod touch (7ᵉ generation). And since both are most likely actively exploited, owners of one or more of these devices should download and install these patches as soon as possible.