
SANS ISC: iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched - SANS Internet Storm Center


Apple today released updates for iOS, iPadOS and macOS. 

The update fixes a single WebKit vulnerability, CVE-2022-22620, which was reported by an anonymous researcher. It has already been exploited in the wild, which explains the expedited release of this update.

WebKit vulnerabilities are typically exploited by exposing the device to a malicious webpage, but anything rendered using the WebKit engine could potentially be used to expose the vulnerability.

With this update, you will be running macOS Monterey 12.2.1 and iPadOS or iOS 15.3.1. Currently, it isn't clear whether other devices using WebKit are vulnerable, or whether the patch will be released as a Safari update for older macOS versions. Typically, however, Apple does not release vulnerability information until all affected operating systems are patched.
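As an added example (not part of the original diary), the following sketch checks a device inventory against the fixed versions named above and keeps the diary's caveat: older major releases are reported as undetermined rather than as patched or vulnerable. The CSV columns, hostnames, and status labels are assumptions made for illustration.

```python
import csv
import io

# Fixed versions named in the diary. Anything else is left undetermined.
PATCHED = {"macos": (12, 2, 1), "ios": (15, 3, 1), "ipados": (15, 3, 1)}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """hostname,platform,os_version
mbp-001,macOS,12.2.1
mbp-002,macOS,12.2
imac-003,macOS,11.6.3
iphone-004,iOS,15.3
ipad-005,iPadOS,15.3.1
watch-006,watchOS,8.4.2
iphone-007,iOS,unknown
"""

def parse_version(text):
    """'12.2' -> (12, 2, 0); raises ValueError on non-numeric input."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version):
    fixed = PATCHED.get(platform.strip().lower())
    if fixed is None:
        return "not-listed"        # diary names no fixed version for this platform
    try:
        have = parse_version(version)
    except ValueError:
        return "unparseable"       # fix the inventory record, then re-check
    if have[0] < fixed[0]:
        return "undetermined"      # older major release: patch status unclear per diary
    return "patched" if have >= fixed else "needs-update"

def audit(inventory_csv):
    """Map each hostname to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["platform"], r["os_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as undetermined should be rechecked once Apple states whether older releases receive the fix.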

Apple also released a new version of watchOS, but according to Apple, it fixes no vulnerabilities.

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
ISC Handler
Feb 10th 2022
