⚡ TL;DR | Go Straight to the WebKit 0-day Report
Apple recently released a new version for MacOS Monterey 12.2.1. In this version, Apple fixed an actively exploited vulnerability listed as CVE-2022-22620. The vulnerability is a use after free issue in the WebKit component, the browser engine used in Safari and all iOS web browsers. Similar to previous vulnerabilities in the WebKit component, when the target is led to a malicious web page it can result in arbitrary code execution on their machine. According to Apple, they are: «aware of a report that this issue may have been actively exploited».
Aside from fixing this issue in MacOS, Apple did also release new version for their mobile operating systems iOS 15.3.1 and iPadOS 15.3.1 and for the Safari browser as well. The Safari patch has been released specifically for Apple devices still running macOS Big Sur and macOS Catalina. These devices need to update to Safari 15.3 to ensure that they are no longer vulnerable.
This isn’t the first time Apple has released hotfixes this year, just a few weeks ago, patches were released for other zero-day vulnerabilities, CVE-2022-22587 and CVE-2022-22594, the latter also being a flaw in the WebKit component. All the more reason to ensure that you keep up with the updates Apple releases for their products.
To help you with ensuring all your Apple computers are up to date, we’ve created a report that shows if your MacOS or Safari is up to date. Additionally, we’ve added color-coding to indicate whether an asset as a whole is still vulnerable or not. In short, any Mac OS before Monterey is required to have Safari 15.3, any Mac with Monterey is required to update to 12.2.1. As long as either of these conditions is met, the report will indicate the assets as safe with a green highlight.