Issued: Thursday, 27 January, 2022 |
Last Revision: Thursday, 27 January, 2022 |
Vendor: |
Product: |
Severity Level: |
Apple released iOS 15.3 and macOS Monterey 12.2 on Wednesday (26th Jan 2022). The releases include fixes for dozens of security issues, including two zero-day bugs, one of which may have been exploited in the wild.
Ten security vulnerabilities have been fixed in iOS 15.3, including a flaw that may have been exploited in the wild. This vulnerability, CVE-2022-22587, affects the IOMobileFrameBuffer kernel extension, which lets developers configure how the device's memory is used to handle the screen display. Apple addressed it with improved input validation for iOS, iPadOS, and macOS Monterey to prevent kernel code execution.
macOS Monterey 12.2 patches 13 vulnerabilities, including a flaw in WebKit that researchers discovered could expose users' recent browsing histories and Google accounts through Safari 15 and through third-party browsers as well.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-22587 | Memory-corruption Vulnerability | n/a |
CVE-2022-22594 | Information-disclosure Vulnerability | n/a |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) |
CVE-2022-22587 | iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) |
CVE-2022-22594 | Browsers on Products using macOS Monterey version prior to 12.2 |
Table 2: Vulnerable versions
We encourage organizations and individual users to update the affected products with the vendor-provided updates (iOS 15.3 and macOS Monterey 12.2).
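To act on this recommendation across a fleet, the following added example (not part of the original advisory and not Apple tooling) triages a device inventory against the fixed releases named above. The CSV layout and host names are constructed, and iPadOS is assumed to share the 15.3 fix level.

```python
import csv
import io
import re

# Fixed releases named in the advisory. iPadOS 15.3 is an assumption: the page
# names iOS 15.3 and says the fix also covers iPadOS.
FIXED = {"iOS": (15, 3, 0), "iPadOS": (15, 3, 0), "macOS": (12, 2, 0)}
# CVEs the advisory associates with each OS family.
CVES = {"iOS": ["CVE-2022-22587"], "iPadOS": ["CVE-2022-22587"],
        "macOS": ["CVE-2022-22587", "CVE-2022-22594"]}

# Constructed sample inventory (hypothetical hosts), not data from the advisory.
SAMPLE_INVENTORY = """host,os,version
mbp-finance-01,macOS,12.1
mbp-dev-07,macOS,12.2
imac-lobby,macOS,11.6.2
iphone-sales-3,iOS,15.2.1
ipad-kiosk-2,iPadOS,15.3
iphone-lab,iOS,fifteen
"""

def parse_version(text):
    """'15.2.1' -> (15, 2, 1), padded to three fields; None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+){0,2}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(os_name, version_text):
    """Return (status, cves) for one device record."""
    fixed, version = FIXED.get(os_name), parse_version(version_text)
    if fixed is None or version is None:
        return ("unknown", [])           # review by hand rather than guess
    if os_name == "macOS" and version[0] < 12:
        return ("out-of-scope", [])      # the advisory covers Monterey only
    if version < fixed:
        return ("update-required", CVES[os_name])
    return ("patched", [])

def report(inventory_csv):
    """Triage every row of a host,os,version CSV; returns a list of dicts."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [{"host": r["host"], "status": s, "cves": c}
            for r in rows for s, c in [triage(r["os"], r["version"])]]

if __name__ == "__main__":
    for row in report(SAMPLE_INVENTORY):
        print(f'{row["host"]:16} {row["status"]:16} {", ".join(row["cves"])}')
```

Rows reported as `unknown` or `out-of-scope` are not cleared by this check; they fall outside what the advisory states and need separate review.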
