Apple Patches Its Third Zero-Day In 2022: Webkit Browser Engine Flaw

On Thursday, Apple patched another zero-day, its third this year after patching CVE-2022-22587 (an arbitrary code execution with kernel privileges vulnerability) and CVE-2022-22594 (a vulnerability allowing users' browsing activities to be tracked and identified in real time) in January. The latest zero-day, CVE-2022-22620, is a flaw in Apple's WebKit browser engine that affects macOS Monterey, iPadOS, and iOS devices. Apple notes that the flaw may already be under active exploitation in the wild. These vulnerabilities add to the trouble specific to iPhone devices following the disclosure of several zero-day flaws used to install and proliferate NSO's Pegasus spyware.

The vulnerability impacts all iPhone models from the 6s forward, iPad Pro, iPad Air 2 and later, 5th generation iPad and later, iPad mini 4 and later, and iPod touch, in addition to the macOS Monterey operating system. The vulnerability is a use-after-free (incorrect use of dynamic memory during program execution) that could allow an attacker to execute arbitrary code on the affected device. Apple also notes that the flaw could cause unexpected OS crashes.

On Friday, February 11, CISA added CVE-2022-22620 to its Known Exploited Vulnerabilities catalog and is requiring Federal Civilian Executive Branch (FCEB) agencies (any agency except the Department of Defense and the intelligence agencies) to patch by February 25, just two weeks from disclosure.

Recommended Remediation

Organizations with macOS Monterey devices, iPhones, or iPads should patch immediately, since the vulnerability could already be exploited in the wild. Apple has released updates for all affected OSes – the latest (and safest) versions are below:

If you’re an Automox customer, you can remediate this vulnerability automatically on all of your macOS devices. If you already have a 'patch all' policy that includes macOS devices, they will patch when your policy is next scheduled to scan and run, provided Automox Agent 36 is deployed to those devices.

To patch these vulnerabilities ad hoc, create a patch-only policy for your affected devices and select "macOS Monterey 12.2.1" from the package list. Again, be sure to have Agent 36 deployed on your Automox devices.

Automox for Easy IT Operations

Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day. Demo Automox and join thousands of companies transforming IT operations into a strategic business driver.
