Apple fixed dozens of security issues with the release of iOS 15.3 from macOS Monterey 12.2 on Wednesday.
iOS 15.3 fixes a total of 10 safety Bugs, including one that the company says may have been actively exploited. The vulnerability, tracked as CVE-2022-22587, is a memory corruption bug in IOMobileFrameBuffer – a kernel extension that allows developers to control how a device’s memory handles the screen display – leading to the execution of kernel code could.
Apple has also released macOS Monterey 12.2, which includes a fix for a widely known WebKit bug that researchers have found could leak recent browsing history and Google account information from Safari 15 and third-party web browsers.
First discovered by FingerprintJSa browser fingerprint and Fraud Detection Service found the vulnerability in Apple’s implementation of IndexedDB, an application programming interface (API) that stores data in your browser.
The bug tracked as CVE-2022-22594 allows any website using IndexedDB to access IndexedDB database names generated by other websites during a user’s browser session, which in turn allows a website to track other websites using the Users in different tabs or visited windows. In some cases, websites use unique user-specific identifiers in IndexedDB database names, which FingerprintJS says could allow attackers to access a user’s Google account information.
iOS 15.3 also lands with fixes for security issues that could result in apps gaining root privileges, the ability to run arbitrary code with kernel privileges, and the ability for apps to access user files via iCloud.
Meanwhile, macOS Monterey 12.2 patches a total of 13 vulnerabilities. The latter also promises smoother scrolling on MacBooks and fixes a previously reported scrolling issue in Safari.
Apple has also released security fixes for macOS Big Sur 11.6.3 and macOS Catalina.
The release of these latest security updates comes just two weeks after Apple released them iOS15.2.2 to fix a vulnerability in iOS and iPadOS that could be exploited via HomeKit to persistently launch denial of service (DoS) attacks.
