2 min read

Apple Patches New Zero-Day and Nasty Privacy Bug with iOS 15.3 and macOS 12.2

Filip TRUȚĂ

January 27, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Apple Patches New Zero-Day and Nasty Privacy Bug with iOS 15.3 and macOS 12.2

Apple is rolling out important software updates this week, patching dozens of security and privacy flaws. Updating is a must, to address an important privacy flaw as well as a zero-day that bad actors may be actively exploiting in the wild.

iOS 15.3 and macOS Monterey 12.2 both ship the much-awaited fix for the cross-origin issue discovered by FingerprintJS in the IndexDB API used by Apple’s WebKit browser engine. If exploited, “a website may be able to track sensitive user information,” according to the release notes.

While Apple’s advisory is terse, Martin Bajanik of FingerprintJS offers plenty of details about the flaw in a Jan. 14 entry on his company’s blog.

Tracked as CVE-2022-22594, the bug affects every product that leverages WebKit, from iPhone and Mac to Apple TV and Apple Watch.

Mac users who can’t immediately perform a system update are offered a handy standalone Safari 15.3 package to quickly address this issue, as well as other WebKit-related flaws.

Another critical flaw shared by different products is CVE-2022-22587, credited to researchers Meysam Firouzi and Siddharth Aeri, as well as a third, anonymous, researcher.

“A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” according to the release notes.

Notably, this is the third zero-day vulnerability discovered in IOMobileFrameBuffer by white hat hackers since July 2021.

The flaw is addressed not only in iOS 15 and macOS 12 (Monterey), but also in macOS Big Sur with version 11.6.3.

Security Update 2022-001 Catalina addresses even more bugs inherent to that particular macOS version. Readers can review the bug fixes by accessing the individual advisories below:

About the security content of iOS 15.3 and iPadOS 15.3

About the security content of Safari 15.3

About the security content of Security Update 2022-001 Catalina

About the security content of macOS Big Sur 11.6.3

About the security content of macOS Monterey 12.2

About the security content of tvOS 15.3

About the security content of watchOS 8.4

Be sure to make these updates a priority and, as always, stay safe!

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Ukrainian Citizen Sentenced to Prison for Brute-Forcing Credentials and Selling them Online Ukrainian Citizen Sentenced to Prison for Brute-Forcing Credentials and Selling them Online
Silviu STAHIE

May 13, 2022

2 min read
Mozilla Says Many Health and Prayer Apps Are Pose Security Risks Mozilla Says Many Health and Prayer Apps Are Pose Security Risks
Silviu STAHIE

May 09, 2022

2 min read
$5 Million Worth of Bored Ape NFTs Stolen by Scammers Pretending to Return Gas Fees $5 Million Worth of Bored Ape NFTs Stolen by Scammers Pretending to Return Gas Fees
Silviu STAHIE

May 05, 2022

1 min read