Apple has released interim updates for three operating systems – these are iOS and iPadOS 15.6.1 updates, as well as macOS Monterey 12.5.1. They fix the zero-day vulnerability CVE-2022-3289. Apple does not go into details and only notes that this security hole allowed arbitrary code to be executed in supervisor mode.
Simply put, a hacker could bypass the device’s security and gain admin-level control. According to Apple, there is evidence that this vulnerability was indeed exploited.
The update also closes a security hole in WebKit, the engine that powers Safari, Mail, and other standard iOS and macOS apps. The idea is the same as in the first case: the vulnerability allowed the execution of arbitrary code and was used by attackers.
Both vulnerabilities are present in the iPhone 6s and later, all iPad Pro models, iPod touch 7, and all tablets starting with the iPad Air 2, iPad 5, and iPad mini 4. Users of all these devices are advised not to delay updating the system, just like those who has a computer with macOS Monterey.