Macs turn on apps signed by Symantec, treat them as malware

Update now! Apple fixes actively exploited zero-day

Apple has released a security fix for a zero-day vulnerability (CVE-2022-22620) that it says “may have been actively exploited.” According to the security update information provided by Applethe vulnerability exists in WebKit—the HTML rendering engine component of its Safari browser—and can be used by an attacker to create web content that may lead to arbitrary code execution.

Apple says it has addressed this vulnerability with improved memory management in iOS 15.3.1, iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3.

Vulnerability

The vulnerability is a use-after-free (UAF) issue in WebKit that could lead to OS crashes and code execution on compromised devices. Use after free (UAF) is a type of vulnerability that results from the incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

This issue can be exploited when WebKit processes HTML content. The attacker can exploit this vulnerability by luring users to visit a specially crafted web page. Once the user opens the malicious web page, an attacker can remotely execute malicious code on the targeted system. The vulnerability has been reported publicly as being exploited in the wild and was reported by an anonymous researcher.

WebKit is the browser engine that powers Safari on Macs as well as all browsers on iOS and iPadOS (browsers on iOS and iPadOS are obliged to use it). It is also the web browser engine used by Mail, App Store, and many other apps on macOS, iOS, and Linux.

Affected devices

Users owning the following devices should install the update as soon as possible:

  • iOS 15.3.1 and iPadOS 15.3.1 can be found on iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
  • macOS Monterey 12.2.1 for all systems running macOS Monterey (MacBooks, iMacs, Mac minis, and Mac Pros)
  • All devices running macOS Big Sur and macOS Catalina which are using Safari.

Stay safe, everyone!

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.