Apple has patched a number of security flaws including a few that may have been ‘actively exploited’ with the release of iOS 15.3 and iPadOS 15.3 updates for its mobile devices.
The updates will roll out for iPhone 6s and later, all iPad Pro variants, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the iPod touch (7th gen).
The primary vulnerability is referred to as CVE-2022-22587. This is a memory corruption bug in IOMobileFrameBuffer (or FrameBuffer), which is a kernel extension that allows app developers to control the way their app handles the phone’s display. An app exploiting this vulnerability could execute malicious code with kernel privileges.
Another notable vulnerability was a WebKit bug in Safari, referred to as CVE-2022-22594. This bug could allow any website using a specific JavaScript API to check on another tab that the user might have opened in Safari and thus track sensitive user information. The bug could also be exploited to track a user’s browsing history and Google Account information via Safari or any other third-party browser.
iOS 15.3 addresses a total of 10 vulnerabilities and issues related to gaining root privileges and iCloud exploits.
The security updates come a week after Apple released a fix for a bug in iOS and iPadOS that could allow HomeKit to be exploited using Denial of Service (DoS) attacks.
Needless to say, this is an important update that addresses several privacy and security concerns. As always, the update will be pushed in a phased manner, and you can go to Settings >> General >> Software Update on your device to check if you have already received it.