Apple release update to address a new WebKit flaw
Threat Intelligence from DigitalXRAID’s Security Operations Centre analysts:
DigitalXRAID’s Security Operations Centre Analysts have reported that Apple have just released an update for iOS, iPadOS, macOS and Safari web browser in order to address a new WebKit flaw that may have been actively exploited in the wild.
Read more about the CVE detail here: CVE-2022-22620
The CVSS (Common Vulnerability Scoring System) Severity Score has been rated as: 8.4
Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and could be exploited by a piece of specially crafted web content to gain arbitrary code execution.
This vulnerability affects:
- Versions prior to iOS 15.3.1
- Versions prior to iPadOS 15.3.1
- Versions prior to macOS Monterey 12.2.1
- Versions prior to Safari 15.3
Remediation of Vulnerabilities
iOS 15.3.1 and iPadOS 15.3.1 updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Devices running macOS Monterey should be updated to version 12.2.1.
Safari 15.3 updates are available for devices running macOS Big Sur and macOS Catalina.
DigitalXRAID’s SOC Analysts recommend that any supported devices are updated immediately.
If you discover that you’ve suffered a breach and need help urgently, get in contact with us. You can call our emergency line on 0800 066 4509 to speak to one of our experts. They’re available 24 hours a day, 7 days a week. Bookmark this page in case you ever need us.
If you need any support in mitigating any risks this vulnerability may have on your business, please don’t hesitate to get in contact.
