Apple has released security updates for iOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3, and other Apple products. The updates also address a zero-day vulnerability exploited in the wild.
A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.
iOS 15.3 and iPadOS 15.3
The latest iOS 15.3 and iPadOS 15.3 security update released on January 26, 2022 addressed 10 vulnerabilities, 3 of those could result in arbitrary code execution.
In addition, one zero-day vulnerability CVE-2022-22587 in IOMobileFrameBuffer has known exploits in the wild.
“A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” Apple said.
The update is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) models.
macOS security updates
Apple released a new version of macOS Monterey 12.2 that patched 13 vulnerabilities in all, 7 that could result in code execution.
In addition, Apple also released a security update for Big Sur 11.6.3 that patched 8 vulnerabilities, 3 of those could result in arbitrary code execution.
Each of the Monterey 12.2 and Big Sur 11.6.3 updates include patches for actively exploited zero-day vulnerability CVE-2022-22587.
Moreover, researchers from Perception Point also discovered another zero-day vulnerability CVE-2022-22583 in macOS which can enable a threat actor to bypass Apple’s SIP (System Integrity Protection) mechanism and take full control over the victim’s system.
SIP is a security technology in macOS (introduced with OS X El Capitan) that is designed to help prevent potentially malicious software from modifying protected files and folders on your Mac. It also restricts the actions of the root account from making changes to protected parts of the Mac operating system.
The macOS Catalina Security Update 2022-001 addressed 5 vulnerabilities.
Other Apple product updates
Finally, Apple released updates for Safari 15.3, tvOS 15.3, and watchOS 8.4.
Readers can check out the Apple security updates page for all of the latest OS updates.