Apple has released a fix for a WebKit vulnerability in iOS and macOS that is under active exploitation.
The flaw (CVE-2022-22620) affects iOS, macOS Big Sur, Monterey, and Catalina, as well as iPadOS, and an attacker who is able to exploit it could execute arbitrary code on the target device.
“Processing maliciously crafted web content may lead to arbitrary code execution. A use after free issue was addressed with improved memory management,” the Apple advisory says.
The vulnerability is patched in iOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3.
This is the second vulnerability in iOS that has been exploited in the wild in 2022. In January, Apple released a fix for a flaw in the IOMobileFrameBuffer in iOS that had been exploited, as well. That patch was part of a larger iOS release, but the fix that Apple released Thursday was the lone update for both iOS and macOS.
Apple typically only pushes out security only updates when a vulnerability is under active exploitation, as this latest one is.