Apple Releases iOS 15.3 to Fix Exploited iPhone Flaw

January 26, 2022
Apple Addresses Security Concerns with iOS 15.3 and macOS Monterey 12.2

On Wednesday, Apple released updates to enhance system security. These include iOS 15.3 and macOS Monterey 12.2, addressing a range of vulnerabilities.

iOS 15.3 Security Updates

The iOS 15.3 update resolves a total of 10 security flaws. Notably, one vulnerability, identified as CVE-2022-22587, was reportedly under active exploitation.

This vulnerability is a memory corruption issue within IOMobileFrameBuffer. This kernel extension manages the device’s screen display and memory handling. Successful exploitation could potentially allow for kernel code execution.

macOS Monterey 12.2 and WebKit Vulnerability

Alongside iOS 15.3, Apple launched macOS Monterey 12.2. This release includes a correction for a widely known flaw in WebKit.

The WebKit flaw could potentially expose a user’s recent browsing history. Furthermore, Google account information from Safari 15 and other third-party browsers could be at risk.

Researchers at FingerprintJS initially discovered the vulnerability. It resides within Apple’s implementation of IndexedDB, an API used for browser data storage.

How the IndexedDB Vulnerability Works

CVE-2022-22594, the tracking identifier for this flaw, permits any website utilizing IndexedDB to access the names of databases created by other websites.

This access can reveal a user’s browsing activity across different tabs and windows. In certain instances, websites employ unique identifiers within IndexedDB database names.

FingerprintJS cautioned that this could enable attackers to obtain a user’s Google account details.
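Because the exposure is of database names, a site owner can check whether the names their own application creates would identify a user if another origin could read them. The following is an added example, not code from Apple, FingerprintJS or the original article; the pattern heuristics, function names and sample database names are assumptions constructed for illustration.

```javascript
// Audit IndexedDB database names for embedded user-specific identifiers.
// Heuristic patterns (assumed for this example); the first match wins.
const ID_PATTERNS = [
  { kind: "email", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/ },
  { kind: "uuid", re: /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i },
  { kind: "long-number", re: /\d{10,}/ },   // e.g. a numeric account ID
  { kind: "hex-token", re: /[0-9a-f]{16,}/i },
];

// Returns the kind of identifier found in a name, or null if none matched.
function classifyName(name) {
  for (const { kind, re } of ID_PATTERNS) {
    if (re.test(name)) return kind;
  }
  return null;
}

// Returns only the names that appear to embed an identifier.
function auditDatabaseNames(names) {
  return names
    .map((name) => ({ name, kind: classifyName(name) }))
    .filter((finding) => finding.kind !== null);
}

// In a browser, audit the databases of the current origin. Resolves to an
// empty list where indexedDB.databases() is unavailable.
async function auditCurrentOrigin() {
  if (typeof indexedDB === "undefined" ||
      typeof indexedDB.databases !== "function") {
    return [];
  }
  const dbs = await indexedDB.databases();
  return auditDatabaseNames(dbs.map((db) => db.name));
}

// Constructed sample names, not taken from any real site.
const SAMPLE_NAMES = [
  "app-cache",
  "mail-user@example.com",
  "offline.settings.123456789012345678901",
  "sync-3f2b8c1e-9a4d-4c7b-8e21-5d6f7a8b9c0d",
];

console.log(auditDatabaseNames(SAMPLE_NAMES));
```

Names flagged by a check like this are candidates for renaming to a fixed, non-identifying string, with the per-user value kept inside the database instead.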

Additional Security Improvements

iOS 15.3 also incorporates fixes for security issues that could allow applications to gain elevated root privileges.

The update addresses the potential for arbitrary code execution with kernel-level access. It also prevents apps from improperly accessing user files stored via iCloud.

macOS Monterey 12.2: Further Details

macOS Monterey 12.2 resolves a total of 13 vulnerabilities. Beyond security enhancements, this version aims to improve scrolling performance on MacBook devices.

Specifically, the update addresses a previously reported issue causing inconsistent scrolling behavior within Safari.

Legacy System Support

Apple has also released security updates for older macOS versions, including Big Sur and Catalina, ensuring broader protection.

Recent Security Update History

These releases follow the launch of iOS 15.2.2, which was deployed two weeks prior. That update addressed a vulnerability in iOS and iPadOS that could be exploited through HomeKit.

The earlier vulnerability could facilitate persistent denial-of-service (DoS) attacks.