Apple has released a fix for a zero-day vulnerability that bad actors could exploit to take full control of an iPhone, iPad or computer running macOS Monterey. The tech giant’s security advisory is very clear on the details, but it has identified CVE-2022-3289 as a vulnerability discovered by an anonymous researcher. It said the vulnerability could be exploited to “execute arbitrary code with kernel privileges,” meaning an attacker could act as a user and gain administrator control of the target device. The company said it was aware that the vulnerability could have been exploited.
Additionally, Apple has rolled out fixes for vulnerabilities affecting WebKit, the engine used by Safari, Mail, and many other iOS and macOS apps. According to the company, the WebKit flaw allows attackers to execute arbitrary code and thus can be used to download more malware. As with the first vulnerability, Apple credits the discovery of this vulnerability to an anonymous researcher, and it is also aware that it could have been exploited and used to compromise iOS and Mac devices.
Both flaws are present in macOS Monterey 12.5.1, for which Apple has rolled out patches. They also affect the same set of iPhones and iPads, specifically: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Since both vulnerabilities may be under active exploitation right now, it may be wise for owners of all of the aforementioned devices to install the patch by downloading the latest software update.