Apple has released a fix for a zero-day vulnerability that bad actors can exploit to take full control iPhone, iPad or a computer running macOS Monterey. The tech giant’s security advisors are pretty clear on the details, but they identified CVE-2022-3289 as a vulnerability discovered by an anonymous researcher. It says the vulnerability can be exploited “to execute arbitrary code with kernel privileges”, meaning attackers could act as users and gain administrative control of the target device. . The company said it was aware that the vulnerability could have been exploited.
Additionally, Apple has also released a fix for a vulnerability affecting WebKit, the engine used by Safari, Mail, and many other iOS and macOS apps. According to the company, it allows attackers to arbitrarily execute code and thus can be used to download more malware. Like the first vulnerability, Apple credits an anonymous researcher for discovering this vulnerability – they also know that it could have been exploited and used to compromise iOS and Mac devices.
Both bugs are present in macOS Monterey 12.5.1 and Apple has released a patch for this operating system. Both affect the same set of iPhones and iPads, namely: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later. up and iPod touch (7th generation). Since both bugs are being actively exploited right now, it’s probably a good idea for owners of all the aforementioned devices to install the patches by downloading the latest software update.
All products recommended by Engadget are curated by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.