Apple Releases Emergency Patch for iPhone, iPad and Mac Vulnerability

Apple's speedy response will limit the fallout from the vulnerability, but it will rely on users to update their devices.

Apple has rolled out security patches for devices using iOS, iPadOS, and macOS after finding a security vulnerability was being exploited by hackers in the wild. 

Apple has warned that processing certain types of maliciously crafted web content may lead to arbitrary code execution, so be extra careful about what you click on, especially before you download the update. It’s also recommended that you install antivirus software – or a VPN with threat protection features – if you haven’t already.

The quick response from Apple is the latest signal that the company has turned over a new leaf when it comes to responding to security patches; it was criticized towards the tail end last year for not responding to problems with sufficient haste. 

Threat Actors Were Executing Code on Apple Devices

Tracked as CVE-2022-22620, the vulnerability was letting hackers execute files – including malicious ones – on Apple-made devices such as iPhones.

Apple confirmed it is aware of the exploit and the company has released a patch as part of iOS and iPadOS 15.3.1., and macOS Monterey 12.2.1. 

In a statement explaining the reasons behind the patch rollout, Apple said that it “was aware of a report that this issue may have been actively exploited”, and warned that “Processing maliciously crafted web content may lead to arbitrary code execution.”

Reports suggest that the average Apple device holder is not under any immediate threat, as the exploit is being used in “targeted attacks” – which likely means businesses and other money-making entities are most at risk.

However, the standard advice for both businesses and individuals is to update your phone as soon as possible. 

Apple’s Patchy Security Record

Although Apple is behind some of the most secure operating systems the world has ever seen, the company has come under fire recently for not rolling out security patches quickly enough, and for responding slowly to zero-day vulnerabilities.

Zero-day vulnerabilities refer to problems with software that are being actively exploited by hackers but are unknown to IT teams and others with a vested interest in patching them. 

“We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you,” an Apple employee wrote in an email to a security researcher last September, after they published three, exploitable bugs that Apple had repeatedly ignored. 

We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions.”

Protecting Yourself Against Malware

The best protection against malware is antivirus software, particularly one with a website scanner so you know whether or not a site is legit before you click on it.

As Apple said, you’ve got to be careful about clicking on web content – but antivirus software isn’t the only tech that can help you avoid malware. VPNs like NordVPN come with threat protection tools; the provider will display warnings if you click on malicious website links. 

But, remember, the most important security measure is updating your iPhone, Mac, and/or iPad – the patch should be waiting in your device settings.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Aaron Drapkin is Tech.co's Content Manager. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol six years ago. Aaron's focus areas include VPNs, cybersecurity, AI and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, Cybernews, Lifewire, HR News and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, ProPrivacy, The Week, and Politics.co.uk covering a wide range of topics.
Explore More See all news
Back to top