New updates to iOS (15.3) and macOS Monterey (12.2) have been released in an effort to combat a bug in Safari that includes a zero-day flaw. The vulnerability is tracked as CVE-2022-22587, a memory corruption issue lying within the IOMobileFrameBuffer component. With the proper malicious application, the vulnerability could essentially allow kernel privileges after arbitrary code is executed, and it is believed to have been exploited in the wild prior to the updates. Apple has acknowledged the bug but will not reveal the nature of the attacks or how often they are occurring.
The updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, iPod touch (7th generation), and macOS devices running Big Sur, Catalina, and Monterey. These device models or devices running these operating systems should be updated immediately.