Apple has released security updates for iOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3 with fixes for a zero-day vulnerability exploited in the wild.
A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.
iOS 15.3.1 and iPadOS 15.3.1
The latest iOS 15.3.1 and iPadOS 15.3.1 security update released on February 10, 2022 addressed one WebKit remote code execution vulnerability CVE-2022-22620 that could result in arbitrary code execution.
“Apple is aware of a report that this issue may have been actively exploited,” Apple wrote in the advisory.
The issue affects iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) devices.
macOS Monterey and Safari updates
In addition, Apple addressed the same zero-day vulnerability CVE-2022-22620 in macOS Monterey 12.2.1 and Safari 15.3 security updates. The Safari update is available for macOS Big Sur and macOS Catalina.
Finally, a watchOS 8.4.2 was also released, but had no published CVEs.