Apple releases patches for major iOS and macOS security vulnerabilities

Apple has released a fix for a zero-day vulnerability that bad actors could exploit to take full control of an iPhone, an iPad or a computer running macOS Monterey. The tech giant’s security advisory is pretty light on details, but it has identified CVE-2022-3289 as a vulnerability discovered by an anonymous researcher. It says the flaw could be exploited “to execute arbitrary code with kernel privileges,” which means attackers could act as the user and gain admin control of the target device. The company says it’s aware that the vulnerability may have already been exploited.

In addition, Apple has also rolled out a fix for a vulnerability affecting WebKit, the engine used by Safari, Mail and many other iOS and macOS apps. According to the company, it allows attackers to arbitrarily execute code and could hence be used to, among other things, download more malware. Like the first vulnerability, Apple credits an anonymous researcher for the discovery of this flaw — it also knows that it may have already been exploited and used to compromise iOS and Mac devices. 

Both flaws are present in macOS Monterey 12.5.1, and Apple has rolled out a patch for the operating system. They both …read more