Alert status CRITICAL Background / What has happened? The ACSC is tracking a Remote Code Execution vulnerability in Apple WebKit. Apple WebKit is a component used extensively in iOS and macOS devices to display web pages. Apple iOS and macOS products are used widely in Australia, organisations and users should take immediate action and update their devices to prevent compromise. CVE-2022-22620 allows a malicious actor to execute arbitrary code on an affected device if maliciously crafted web content is processed. Further information on this vulnerability is available in Apple’s security advisories: • Safari • macOS Monterey • iOS and iPadOS The ACSC is aware of reported active exploitation of this vulnerability. Mitigation / How do I stay secure? Australians should review their iOS and macOS devices and apply the latest available security updates as a high priority. Assistance / Where can I go for help? The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.