Apple has released emergency security updates to combat a new zero-day bug in its WebKit browser engine that is allowing threat actors to execute arbitrary code on vulnerable versions of iPads, iPhones, and MacOS devices. Apple said that it was aware of reports that this bug may have been actively exploited by cyber criminals. This zero-day patched by Apple is indexed as CVE-2022-22620. It’s a use-after-free vulnerability in WebKit resulting in the execution of arbitrary code after processing maliciously crafted web content on devices with iPadOS and on iOS that are vulnerable versions.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Cybersecurity Specialist
InfoSec Expert
February 15, 2022 12:00 pm

Many people are still blissfully unaware that Apple devices can even have bugs that can potentially risk their security and privacy. The notorious Pegasus malware has caused many a headache for Apple developers and proved vulnerabilities can be dangerously exploited. The simplicity of such an attack to occur after just visiting a website should bring home the scale of this possible attack but luckily Apple were quick to react. It is vital to keep operating systems on Apple devices up to date and to have auto updates on for apps where possible.

Last edited 7 months ago by Jake Moore
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x