iPhone users are being encouraged to update their devices following the discovery of an issue which 'may have been actively exploited'.
Apple released security updates for iOS, iPadOS, macOS and Safari on Thursday, February 10, after being made aware of the flaw by an 'anonymous researcher' who uncovered it.
iOS 15.3.1 and iPadOS 15.3.1 include updates to the iOS and iPadOS operating systems released in September 2021, and come just two weeks after the release of previous updates, iOS and iPadOS 15.3.
The flaw concerns a 'use-after-free vulnerability in the WebKit component that powers the Safari web browser', according to The Hacker News. Apple itself didn't share many specific details about the issue, though said in a statement that 'processing maliciously crafted web content may lead to arbitrary code execution.'
The tech company said it is 'aware of a report that this issue may have been actively exploited', and added the update addressed a 'use after free issue' with 'improved memory management'.
Though Apple only appears to have received one report about the issue so far, presumably from the anonymous researcher, the update is available for a number of devices, indicating millions could be susceptible.
Apple just rolled out iOS and iPadOS 15.3.1, and macOS Monterey 12.2.1, to patch a zero-day vulnerability in WebKit that "may have been actively exploited." Update ASAP.
— Zack Whittaker (@zackwhittaker) February 10, 2022
Anyone with an iPhone 6s or later can install the update, as well as those with any iPad Pro model, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation), macOS devices running Big Sur and macOS Catalina. The update can also be applied by itself to Safari.
Hacker News notes that the latest fix brings the number of zero-day patches issued by Apple in 2022 to three, following previous issues which reportedly could have been exploited to run arbitrary code and track users' online activity in the web browser.
iOS 15.3.1 also fixes an issue with Braille, which prevented the feature from responding for visually impaired people.
Apple has explained on its site that it does not 'disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available' for customers' protection, as announcing the issues before there is a solution could alert hackers to the fact there is a problem and leave users vulnerable.
Recent releases for Apple users are listed on the company's security updates page, and the best way for users to ensure their devices are protected is to take advantage of any updates to the iOS system.
If you have a story you want to tell, send it to UNILAD via [email protected]
