A vulnerability in a browser component has already been exploited for attacks. Google issued an update in early July. Apple has now followed up.
A security vulnerability in Safari gives urgent reason to update the browser. Apple released an update on July 20 with version 15.6. The problem is in the WebRTC component and also affects the Google Chrome and Microsoft Edge browsers.
Google responded with an update in early July. Microsoft also quickly released an update. Security researchers had discovered that the vulnerability is already being exploited in the wild. The error, for which malicious code is circulating, is in a log collection for web communication. According to Ars Technica, the malicious code exploits a heap overflow in WebRTC to execute code within a renderer process. Apparently, in an attack that had already taken place, attackers aimed at journalists in order to spy on their computers.
Safari 15.6 also closes vulnerabilities in Safari Extensions and WebKit.
