Apple has released urgent security updates for its customers, following the discovery of zero-day vulnerabilities that can be used to hack into iPhones, iPads, and Macs.
iOS 15.3 and macOS Monterey 12.2 are being pushed out to users, fixing a variety of security flaws. But the ones which have raised the most concern are those which may have been actively exploited.
If you own a Mac or Macbook you are are advised to update your computer to macOS Monterey 12.2 to protect against a kernel code execution vulnerability in IOMObileFrameBuffer that has been given the name CVE-2022-22587.
In its security advisory, Apple credits the discovery of the flaw to an anonymous researcher, Siddharth Aeri, and Meysam Firouzi of MBition – the Mercedes Benz Innovation Lab.
Apple says it is “aware of a report that this issue may have been actively exploited,” although no further details regarding the nature of any attacks has been shared by the company, or who might have been targeted.
Security fixes for older versions of macOS, Big Sur and Catalina, have also been released by Apple.
Fortunately updating macOS is a pretty painless process.
For instance, on your Mac or MacBook you just need to open the menu, select About this Mac, and click on Software update to see what security patches are waiting to be installed.
As with any operating system update, I would always recommend doing a secure backup first – just to be on the safe side.
Meanwhile researcher Martin Bajanik disclosed a separate vulnerability to Apple on November 28 2021. The vulnerability (CVE-2022-22594), which exists in Safari WebKit on iOS, is not known to have been exploited by malicious actors yet, but was publicly disclosed by Bajanik earlier this month.
In its advisory, Apple says that an update for the security hole found by Bajanik is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
For many iPhone and iPad users the update will be automatically installed, but – if you want to make sure that you are protected – follow these instructions:
Click on Settings > General > Software Update, and choose Download and Install.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.