Apple has released a patch for a zero-day vulnerability that attackers could use to gain full control of an iPhone and iPad or macOS Monterey computer. The company’s security advisory is rather sparse on details, but it has identified CVE-2022-3289 as a vulnerability discovered by an anonymous researcher.
The report said the vulnerability could be used “to execute arbitrary code with kernel privileges,” meaning attackers could act as a user and gain administrative control over the target device. Tech giant says it is aware that the vulnerability may have already been exploited.
Apple has also released a patch for a vulnerability affecting WebKit, the engine used in Safari, Mail, and many other iOS and macOS apps. According to the company, it allows attackers to arbitrarily execute code and can be used, in particular, to download new malware. As with the first vulnerability, Apple attributes the discovery of the flaw to an anonymous researcher – the company also knows that it could already have been used to compromise iOS and Mac devices.
In macOS Monterey 12.5.1 both defects are present. Because of this, Apple has released a patch for this operating system. They both affect the same set of iPhones and iPads, specifically: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, iPad 5th generation and newer, iPad mini 4 and newer and iPod touch (7th generation). Since these vulnerabilities are probably being actively exploited right now, owners of all of the aforementioned devices should probably install the fixes by downloading the latest software update.
