
Critical vulnerability identified in Apple iOS and macOS

A Remote Code Execution vulnerability has been identified in certain versions of Apple WebKit, affecting iOS and macOS devices. Users of affected devices should update them as soon as possible.

Alert status
CRITICAL

Background / What has happened?

The ACSC is tracking a Remote Code Execution vulnerability in Apple WebKit. Apple WebKit is a component used extensively in iOS and macOS devices to display web pages. Apple iOS and macOS products are used widely in Australia; organisations and users should take immediate action and update their devices to prevent compromise.

CVE-2022-22620 allows a malicious actor to execute arbitrary code on an affected device if maliciously crafted web content is processed. Further information on this vulnerability is available in Apple’s security advisories:
•  Safari
•  macOS Monterey
•  iOS and iPadOS

The ACSC is aware of reported active exploitation of this vulnerability.

Mitigation / How do I stay secure? 

Australians should review their iOS and macOS devices and apply the latest available security updates as a high priority.

Assistance / Where can I go for help? 

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.
 
