Apple releases Safari 15.6.1 with important security fix
Apple wants everyone to update, and update fast.
Apple has officially released Safari 15.6.1 to Mac users running macOS Big Sur and macOS Catalina.
The latest update, which brings the usual bug fixes and performance improvements to the browser, also fixes a major security vulnerability that Apple has confirmed was used in the wild.
The fix, which is for WebKit, is available for users running macOS Big Sur and macOS Catalina. It fixes an issue where "processing maliciously crafted web content may lead to arbitrary code execution."
The full details of the security fix are in the release notes and below:
- WebKit
- Available for: macOS Big Sur and macOS Catalina
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- WebKit Bugzilla: 243557
- CVE-2022-32893: an anonymous researcher
Apple fixed more than just Safari lately
Safari isn't the only piece of software affected by the security vulnerability. iOS 15, iPadOS 15, and macOS Monterey were also affected by the issue, and Apple released updates for all of them yesterday to patch the vulnerability.
In addition to addressing the WebKit security issue, those updates also addressed a security vulnerability at the kernel level where "an application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited."
You can see all of the information about that security issue below:
- Kernel
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2022-32894: an anonymous researcher
So, if you are running any of these software versions, make sure you update right away so you are protected.
Joe Wituschek is a Contributor at iMore.