Apple has issued a patch for a zero-day vulnerability that bad actors could use to gain complete control of an iPhone, iPad, or computer running macOS Monterey. The security advisory from the tech giant is brief, but it identifies CVE-2022-3289 as a vulnerability discovered by an anonymous researcher.
According to the report, the flaw could be used to “execute arbitrary code with kernel privileges,” which means attackers could impersonate the user and gain administrative control of the target device. The company says the vulnerability has already been exploited.
In addition, Apple has released a patch to address a vulnerability in WebKit, the engine used by Safari, Mail, and many other iOS and macOS apps. According to the company, the flaw allows attackers to execute code at will and could thus be used to download more malware, among other things.
As with the first vulnerability, Apple attributes the discovery of this flaw to an anonymous researcher, and the company is aware that it has already been exploited and used to compromise iOS and Mac devices.
Both flaws are present in macOS Monterey 12.5.1, for which Apple has released a patch. They both affect the same iPhones and iPads, including the iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Because both flaws are likely being actively exploited right now, owners of all of the aforementioned devices should install the patches by downloading the most recent software update.