Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices.
This zero-day vulnerability is the same one Apple patched for macOS Monterey and iPhone/iPad devices on August 17, and for Safari on August 18.
The flaw is tracked as CVE-2022-3289 and is an out-of-bounds write vulnerability in WebKit, the web browser engine used by Safari and other apps to access the web.
Read more…
Source: Bleeping Computer