Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild

Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability actively exploited in the wild.

Safari 15.6.1 for macOS Big Sur and Catalina addressed an actively exploited zero-day vulnerability tracked as CVE-2022-32893.

The flaw is an out-of-bounds write issue in WebKit and the IT giant fixed it with improved bounds checking. The exploitation of this vulnerability may lead to arbitrary code execution.

According to the advisory, threat actors could exploit the flaw by tricking victims into visiting a maliciously crafted web content. Apple confirmed that this issue may have been actively exploited by threat actors in the wild, but it did not provide details about the attacks.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the advisory.

The vulnerability was reported by an anonymous researcher. Yesterday, Apple also addressed the same issue for macOS Monterey and iPhone/iPads.

The vulnerability has been fixed with the release iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. The iOS and iPadOS updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Apple has addressed other six zero-day vulnerabilities since January, below is the list of fixed issues:

• January 2022: CVE-2022-22587 and CVE-2022-22594.
• February 2022: CVE-2022-22620.
• March 2022: CVE-2022-22674 and CVE-2022-22675.
• May 2022: CVE-2022-22675

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Safari)

[adrotate banner=”5″]

[adrotate banner=”13″]