Apple releases Safari 15.6.1 - For Your better Experience
for the older macOS Big Sur and macOS Catalina operating systems
The update includes an important security fix for a WebKit vulnerability that could lead to arbitrary code execution, according to Apple.
Apple said it is aware of a report that the WebKit vulnerability may have been actively exploited, so updating Safari is highly recommended.
The zero-day patched today (CVE-2022-32893) is an out-of-bounds write issue in WebKit that could allow a threat actor to execute code remotely on a vulnerable device.
Apple says the vulnerability was disclosed by a researcher who wishes to remain anonymous.
This zero-day vulnerability is the same one that was patched by Apple yesterday for macOS Monterey and iPhone/iPads.
Apple has not provided details on how the vulnerability is being used in attacks other than saying that it "may have been actively exploited."
This is the seventh zero-day vulnerability fixed by Apple in 2022