Apple releases Safari 15.6.1 with important security fix
Apple has officially released Safari 15.6.1 to Mac users running macOS Big Sur and macOS Catalina.
The latest update, which brings the usual bug fixes and performance improvements to the browser, also fixes a major security vulnerability that Apple has confirmed was used in the wild.
The fix, which is for WebKit, is available for users running macOS Big Sur and macOS Catalina. It fixes an issue where “processing maliciously crafted web content may lead to arbitrary code execution.”
The full details of the security fix are in the release notes and below:
- WebKit
- Available for: macOS Big Sur and macOS Catalina
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- WebKit Bugzilla: 243557
- CVE-2022-32893: an anonymous researcher
Apple fixed more than just Safari lately
Safari isn’t the only piece of software that has been affected by the security vulnerability. iOS 15, iPadOS 15, and macOS Monterey were also affected by the issue and Apple released updates for all of them yesterday to patch the vulnerability.
In addition to addressing the WebKit security issue, those updates also addressed a security vulnerability at the kernel level where “an application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.”
You can see all of the information about that security issue below:
- Kernel
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2022-32894: an anonymous researcher
So, if you are running any of these software versions, make sure you update right away so you are protected.