CVE-2022-22620: Safari web browser arbitrary code execution vulnerability alert

CVE-2022-22620

Half a month after its previous update, Apple recently released iOS 15.3.1. According to the release notes, iOS 15.3.1 brings no functional upgrades and mainly fixes bugs. Among them is a WebKit vulnerability (CVE-2022-22620) that allows attackers to craft malicious web content that results in arbitrary code execution, and this vulnerability is being exploited. “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” the company said. Apple also recommends that users who are affected by the vulnerability and have not yet upgraded complete the upgrade as soon as possible.

In addition, Apple had previously fixed a vulnerability in the Safari browser in iOS 15.3. At that time, a security researcher discovered that Safari may leak data such as the user’s Google ID and browser history. iOS 15.3.1 further checks and fixes this vulnerability, improving the user experience.

Apple also released system updates for two other product lines: watchOS 8.4.2 and macOS 12.2.1. In the previous macOS version, when a Mac was connected to Bluetooth and in a sleep state, Bluetooth would often automatically wake the Mac, which needlessly increased power consumption. The only workaround at the time was to disable Bluetooth, which was not a long-term solution. macOS 12.2.1 solves this problem.