Apple Patches New Zero-Day Flaw with iOS 15.3.1

Tech behemoth Apple is fixing yet another zero-day bug in iOS and iPadOS after receiving word that the issue may be actively exploited by malicious actors.

iOS 15.3.1 is primarily a security release, though it also fixes an issue with assistive features not responding.

“iOS 15.3.1 provides important security updates for your iPhone and fixes an issue that may cause Braille displays to stop responding,” according to the release notes.

The security content of the update is detailed in a succinct advisory that reveals a single – but critical – fix for a WebKit flaw tracked as CVE-2022-22620.

The bug, which affects all iDevices running iOS 15 or lower versions, can be exploited to run arbitrary code – such as malware – on the target device.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” according to the advisory.

Notably, this is the third iOS zero-day flaw patched by Apple this year alone. It’s also the second such flaw found in the WebKit web browser engine this year, following the widely reported Safari vulnerability that could leak users’ browsing history and other data.

To install iOS/iPadOS 15.3.1, navigate to Settings -> General -> Software Update and let the device fetch the new version for you. When prompted, tap Install Now.