On Thursday 10 February 2022 Apple rolled out an urgent security update for most of its systems: in addition to macOS 12.2.1, Safari was updated for macOS Big Sur and Catalina, and iOS and iPadOS have been updated to 15.3.1.
The updates have closed a security vulnerability (CVE-2022-22620) found in WebKit – that’s why there are also updates for Safari on older versions of macOS, and also for watchOS.
WebKit is a universal browser engine for all Apple devices. Affected Safari versions are Safari 15.0, 15.1, 15.2 and 15.3.
Apple describes the gap now closed as follows:
- Impact: Processing maliciously crafted web content can lead to the execution of arbitrary code. Apple is aware of a report stating that this problem may have been actively exploited.
- Description: A “Use after free” issue was addressed through improved memory management.
- CVE-2022-22620: an anonymous researcher
Apparently an attacker could send his victim a link to a seemingly harmless and known page, but as soon as the user visited it arbitrary code could be executed on the system. Apple indicate that the security gap has been actively exploited. This is why the software update is recommended for all users.
If you are running macOS Monterey 12.2 you should update to version 12.2.1, which closes the security vulnerability in WebKit that would have made it possible to execute malicious code on the Mac.
The 10 February 2022 update also solves the problem of quickly discharging battery while in sleep mode due to a bug relating to Bluetooth devices – we discuss this here:
macOS Monterey 12.2.1 fixes Mac battery drain issue.
Apple does not provide further information about the content of the update, which is around 1GB in size. As usual, you install the update via the software update system preference, a restart is required as always.
How to update Mac software.
The Safari update may not immediately be apparent because the version number hasn’t changed, however the build number has – 166126.96.36.199.8 and 156188.8.131.52.8.
iOS and iPadOS update
The iOS and iPadOS software updates also address the webkit security flaw.
The update also fixed an error with braille displays that had been reported by some users. Apparently input devices for the blind could freeze if the notifications were turned on on an iPhone or iPad.
How to update iOS.
Should I update?
Since the gap has apparently already been exploited, it is strongly recommended that you update as soon as possible.