Get updating: Apple releases iOS 15.3.1 patch for ‘actively exploited’ security flaw | ZDNet

If you didn’t already upgrade to iOS 15.3, now might be a good time to do it because of a security flaw Apple has now patched.

Apple released iOS 15.3 earlier this month but it didn’t include one fix for a security flaw it has now addressed in iOS 15.3.1. 

Details from Apple, as usual, are scant but it gave enough to suggest it is a serious bug because it can lead to malicious code execution simply by users opening a web page in the Apple Safari browser. 

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” Apple said.   

The update is available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch 7th generation.

Since the bug affects WebKit, the browser engine for Safari, it also affects macOS. Apple also released macOS Monterey 12.2.1 to address the issue on Macs.  

The bug, like many security flaws, was a memory flaw that code written in C++ is particularly prone to. 

According to Microsoft and Google, about 70% of a security issues are caused by memory safety problems and those issues are tied to flaws written in C and C++, arguably the most important family of programming languages that have been used for decades in multi-million line infrastructure systems like Windows, WebKit, Chrome, Android, Firefox, the Linux kernel and now embedded systems for Internet of Things devices.