Update now! Apple pushes out security patches for iPhone and Mac zero-day vulnerabilities

Flaws may have been actively exploited in the wild.

Graham Cluley
@gcluley

Update now! Apple pushes out security patches for iPhone and Mac zero-day vulnerabilities

Apple has released urgent security updates for its customers, following the discovery of zero-day vulnerabilities that can be used to hack into iPhones, iPads, and Macs.

iOS 15.3 and macOS Monterey 12.2 are being pushed out to users, fixing a variety of security flaws. But the ones which have raised the most concern are those which may have been actively exploited.

If you own a Mac or Macbook you are are advised to update your computer to macOS Monterey 12.2 to protect against a kernel code execution vulnerability in IOMObileFrameBuffer that has been given the name CVE-2022-22587.

In its security advisory, Apple credits the discovery of the flaw to an anonymous researcher, Siddharth Aeri, and Meysam Firouzi of MBition – the Mercedes Benz Innovation Lab.

Apple says it is “aware of a report that this issue may have been actively exploited,” although no further details regarding the nature of any attacks has been shared by the company, or who might have been targeted.

EmailSign up to our newsletter
Security news, advice, and tips.

Security fixes for older versions of macOS, Big Sur and Catalina, have also been released by Apple.

Fortunately updating macOS is a pretty painless process.

Macos update

For instance, on your Mac or MacBook you just need to open the  menu, select About this Mac, and click on Software update to see what security patches are waiting to be installed.

As with any operating system update, I would always recommend doing a secure backup first – just to be on the safe side.

Meanwhile researcher Martin Bajanik disclosed a separate vulnerability to Apple on November 28 2021. The vulnerability (CVE-2022-22594), which exists in Safari WebKit on iOS, is not known to have been exploited by malicious actors yet, but was publicly disclosed by Bajanik earlier this month.

In its advisory, Apple says that an update for the security hole found by Bajanik is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

For many iPhone and iPad users the update will be automatically installed, but – if you want to make sure that you are protected – follow these instructions:

Click on Settings > General > Software Update, and choose Download and Install.

Ipados update

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.