Vulnerability in Apple’s Safari browser that was exploited earlier this year was fixed in 2013, then reintroduced in 2016. Affects the WebKit component and allows remote code execution if a piece of online content takes advantage of it. It has been identified as CVE-2022-22620 (CVSS score: 8.8).
Apple said that the problem “may have been aggressively abused” when it released patches for it in early February 2022 for Safari, iOS, iPadOS, and macOS. The paths to exploit the vulnerability are different, even though the 2013 and 2022 History API flaws are essentially the same. Read More…