Apple releases patches for major iOS and macOS security vulnerabilities

Apple has released a patch for a zero-day vulnerability that malicious actors could exploit to take full control of an iPhone, iPad, or computer running macOS Monterey. The tech giant's security advisory is pretty light on details, but it identified CVE-2022-3289 as a vulnerability discovered by an anonymous researcher. It says the flaw could be exploited "to execute arbitrary code with kernel privileges", which means attackers could act as a user and gain administrative control of the target device. The company says it is aware that the vulnerability may have already been exploited.

Apple has also released a patch for a vulnerability affecting WebKit, the engine used by Safari, Mail, and many other iOS and macOS apps. According to the company, it allows attackers to execute arbitrary code and could therefore be used, among other things, to download more malware. As with the first vulnerability, Apple credits an anonymous researcher with discovering this flaw, and it also knows that it may have already been exploited and used to compromise iOS and Mac devices.

Both vulnerabilities are present in macOS Monterey 12.5.1, and Apple has deployed a fix for the operating system. They both affect the same set of iPhones and iPads, specifically: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Since both flaws are likely being actively exploited right now, it's probably wise for owners of all of the aforementioned devices to install the fixes by downloading the latest software update.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission.
