Update now! Apple pushes out security patches for iPhone and Mac zero-day vulnerabilities

Flaws may have been actively exploited in the wild.

Graham Cluley

Apple has released urgent security updates for its customers, following the discovery of zero-day vulnerabilities that can be used to hack into iPhones, iPads, and Macs.

iOS 15.3 and macOS Monterey 12.2 are being pushed out to users, fixing a variety of security flaws. But the ones which have raised the most concern are those which may have been actively exploited.

If you own a Mac or MacBook you are advised to update your computer to macOS Monterey 12.2 to protect against a kernel code execution vulnerability in IOMobileFrameBuffer that has been given the name CVE-2022-22587.

In its security advisory, Apple credits the discovery of the flaw to an anonymous researcher, Siddharth Aeri, and Meysam Firouzi of MBition – the Mercedes Benz Innovation Lab.

Apple says it is “aware of a report that this issue may have been actively exploited,” although the company has shared no further details regarding the nature of any attacks, or who might have been targeted.

Security fixes for older versions of macOS, Big Sur and Catalina, have also been released by Apple.

Fortunately updating macOS is a pretty painless process.

For instance, on your Mac or MacBook you just need to open the Apple menu, select About This Mac, and click on Software Update to see what security patches are waiting to be installed.

As with any operating system update, I would always recommend doing a secure backup first – just to be on the safe side.

Meanwhile researcher Martin Bajanik disclosed a separate vulnerability to Apple on November 28 2021. The vulnerability (CVE-2022-22594), which exists in Safari WebKit on iOS, is not known to have been exploited by malicious actors yet, but was publicly disclosed by Bajanik earlier this month.

In its advisory, Apple says that an update for the security hole found by Bajanik is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

For many iPhone and iPad users the update will be automatically installed, but – if you want to make sure that you are protected – follow these instructions:

Click on Settings > General > Software Update, and choose Download and Install.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
