Apple has released iOS 15.3.1, iPadOS 15.3.1, and macOS 12.2.1, which fix a critical WebKit zero-day vulnerability that may have already been used in the wild. Apple’s release notes describe the security content as follows:
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A use after free issue was addressed with improved memory management.
- CVE-2022-22620: an anonymous researcher
WebKit is Apple’s web rendering engine, and all browsers on iOS, iPadOS, and macOS are required to use it, not just Safari. This means that no matter what browser you use on your iPhone, iPad, or Mac, an attacker can craft web content that lets them run arbitrary code on your device. Worse, the flaw may have already been exploited in the real world, rather than just discovered by security researchers.
Apple also pushed out a Safari 15.3 update for macOS Big Sur (build number 166188.8.131.52.8) and macOS Catalina (build number 156184.108.40.206.8). The iOS 15.3.1 update also fixes a small issue that could cause Braille displays to stop responding.
In other words, you want to get this patch as soon as possible. To do so on your iPhone or iPad, open the Settings app, tap General, then Software Update. On the Mac, open System Preferences and head over to Software Update.
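For anyone responsible for more than one device, here is an added example (not from Apple or from this article's author) that checks an inventory against the fixed versions named above. The inventory rows, host names, and status strings are constructed for illustration, and it assumes you can already collect OS and Safari version strings from your devices.

```python
# Added example. Minimum fixed versions come from the article; inventory rows are constructed.
FIXED_OS = {"iOS": (15, 3, 1), "iPadOS": (15, 3, 1), "macOS": (12, 2, 1)}
# macOS lines where the article says the fix arrives as a Safari 15.3 update instead.
SAFARI_LINES = {(11,): "Big Sur", (10, 15): "Catalina"}
SAFARI_FIXED = (15, 3)

def parse_version(text):
    """'15.3.1' -> (15, 3, 1). Integer parts, so 15.10 sorts above 15.3."""
    return tuple(int(part) for part in text.strip().split("."))

def pad(version, width):
    """Right-pad with zeros so (15, 3) compares as (15, 3, 0)."""
    return version + (0,) * (width - len(version))

def assess(platform, os_version, safari_version=None):
    os_v = parse_version(os_version)
    if platform == "macOS":
        for prefix, name in SAFARI_LINES.items():
            if os_v[:len(prefix)] != prefix:
                continue
            if safari_version is None:
                return f"unknown: Safari version needed ({name})"
            safari = pad(parse_version(safari_version), 2)[:2]
            if safari < SAFARI_FIXED:
                return "update Safari"
            # The article identifies the fixed Safari 15.3 by build number,
            # so the version string "15.3" alone cannot confirm the fix.
            return "verify Safari build" if safari == SAFARI_FIXED else "patched"
    if platform not in FIXED_OS:
        return "unknown platform"
    return "patched" if pad(os_v, 3) >= FIXED_OS[platform] else "update OS"

INVENTORY = [  # constructed rows: (host, platform, OS version, Safari version)
    ("iphone-01", "iOS", "15.3.1", None),
    ("iphone-02", "iOS", "15.3", None),
    ("ipad-01", "iPadOS", "15.10", None),   # hypothetical version, shows numeric compare
    ("mac-01", "macOS", "12.2", None),
    ("mac-02", "macOS", "11.6.3", "15.3"),
    ("mac-03", "macOS", "10.15.7", "15.2"),
]

def report(rows=INVENTORY):
    return {host: assess(plat, os_v, safari) for host, plat, os_v, safari in rows}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:10} {status}")
```

A "verify Safari build" result means the Safari build number on that Mac still has to be compared with the one in Apple's release notes.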