Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620)


Another month, another zero-day (CVE-2022-22620) exploited in the wild that has been fixed by Apple.

About CVE-2022-22620

CVE-2022-22620 is a use-after-free issue in WebKit, the browser engine used in Safari and all iOS web browsers.

Apple fixed it in iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” the company noted in the security update release notes, and credited an anonymous researcher with reporting it.