![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2019\/03\/ios-software-update-available-icon-600x300-e1558142227486.png\"){kind=icon}
<\/p>\n<\/p>\n
On Thursday, Apple released security updates for macOS Monterey, iOS, iPadOS, and Safari to fix an actively exploited vulnerability.<\/p>\n
Apple describes the single vulnerability as follows:<\/p>\n
WebKit<\/strong><\/p>\n
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)<\/p>\n
Available for: macOS Monterey<\/p>\n
Available for: macOS Big Sur and macOS Catalina [as Safari 15.3]\n
<\/p>\n
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.<\/p>\n
<\/p>\n
Description: A use after free issue was addressed with improved memory management.<\/p>\n
<\/p>\n
CVE-2022-22620: an anonymous researcher<\/p><\/blockquote>\n
Little additional information is available about this specific vulnerability. However, given that Apple says that it “may have been active exploited”\u2014meaning that it has reportedly been used in at least one in-the-wild attack\u2014it’s important to update quickly.<\/p>\n
After installing the latest updates, the new version numbers will be as follows:<\/p>\n
\n
- iOS 15.3.1<\/strong><\/li>\n
- iPadOS 15.3.1<\/strong><\/li>\n
- macOS Monterey 12.2.1<\/strong><\/li>\n
- Safari 15.3<\/strong> (build number 16612.4.9.1.8 for Big Sur, or 15612.4.9.1.8 for Catalina)<\/li>\n<\/ul>\n
The “actively exploited” nature of this vulnerability has prompted<\/a> the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to order federal agencies to patch their affected systems no later than February 25.<\/p>\n
Apple also released watchOS 8.4.2<\/strong> on Thursday, which contained “no published CVE entries”\u2014meaning that if any security updates were included, Apple is not disclosing them at this time.<\/p>\n
It is unclear whether other Apple software, such as watchOS, tvOS, and iCloud for Windows, may require WebKit updates to address this vulnerability as well. If so, Apple may release additional updates in the near future.<\/p>\n
How to update to iOS 15.3.1 and iPadOS 15.3.1<\/h3>\n
To install the latest iOS or iPadOS updates, check the Settings app on your device: Settings<\/strong> > General<\/strong> > Software Update<\/strong>. The process is the same regardless of whether you use an iPhone, iPad, or iPod touch.<\/p>\n
How to install watchOS 8.4.2<\/h3>\n
To install the latest watchOS update, make sure your iPhone is up to date first. Then ensure that your phone and watch are both connected to the same Wi-Fi network, and that your watch battery is charged to at least a 50%. Then open the Watch app on your phone, and tap General<\/strong> > Software Update<\/strong>.<\/p>\n
How to update to the latest macOS and Safari versions<\/h3>\n
You can get the latest macOS version (or Safari version) that’s compatible with your Mac by clicking on Apple menu<\/strong> >\u00a0System Preferences\u2026<\/strong> > Software Update<\/strong>.<\/p>\n
If your Mac is running macOS High Sierra or older, look for macOS Monterey in the App Store and download it from there.<\/p>\n
Note that although Apple released Safari updates for macOS Big Sur and macOS Catalina, it is best to upgrade to macOS Monterey if possible. Apple does not patch every security issue for older macOS versions; see Apple\u2019s Poor Patching Policies Potentially Make Users\u2019 Security and Privacy Precarious<\/a>.<\/p>\n