Apple has released a patch for a WebKit zero-day affecting iOS, iPadOS, macOS, and Safari that may have been actively exploited. The flaw is a use after free issue that could be triggered by processing maliciously crafted web content, leading to arbitrary code execution. This vulnerability was reported to Apple by an anonymous researcher and was addressed by the company by improving the memory agent. This is the third critical zero-day that has been addressed by the company this year, all being accompanied with a security patch.
Analyst Notes
Apple has released security updates for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation), macOS devices running Big Sur and macOS Catalina, and also as a standalone update for Safari. Users of Apple devices should ensure that their software is up to date to prevent threat actors from exploiting the vulnerability.
https://securityaffairs.co/wordpress/127894/security/apple-addressed-third-zero-day-2022.html?utm_source=feedly&utm_medium=rss&utm_campaign=apple-addressed-third-zero-day-2022
