You Should Update Your iPhone To iOS 15.3.1 Right Now

Less than a month after Apple's 15.3 security updates for iOS and iPadOS — from January, 2022 — we now have another important security update that needs installing. Specifically, the new iOS 15.3.1 and iPadOS 15.3.1 updates address a potential exploit in Safari's web browser engine, WebKit, that would allow malicious operations hidden in websites to take advantage of a memory loophole in order to execute their own code.

In other words, a potential attacker could take advantage of a memory error in Safari to hack into the device's system and corrupt data or run other functions without user authorization. According to Apple's description the security exploit, dubbed "CVE-2022-22620," was discovered by an "anonymous researcher" and can have an affect on the iPhone 6s and later, the 7th generation iPod Touch, the iPad mini 4 and later, iPads from the 5th generation and up, the iPad Air 2 and newer, and all versions of the iPad Pro.

What to do

The update notes for iOS 15.3.1 and iPadOS 15.3.1 go on to state that Apple has received at least one report indicating that the exploit may have already been used prior to this update, though it doesn't go into additional detail. And if you believe you may have found a similar bug or exploit that could affect iOS, macOS, or watchOS user security or privacy, you can send your own report directly to Apple. Otherwise you can stay on top of Apple security updates from the official security updates page.

Apple's stated fix for the exploit has been to improve memory management in order to close off the exploit. How that may impact Safari when browsing remains to be seen (likely it won't be a noticeable change), but it's recommended that users with at-risk devices install the latest update as soon as they're able. If automatic updates aren't enabled, you can manually look for and install iOS 15.3.1 or iPadOS 15.3.1 from your device's system menu, under General > Software Update.