The zero-day flaw, known as CVE-2022-32917, allows a malicious app to run arbitrary code on an affected device with kernel privileges, Apple said in a security update.
Apple fixed the bug in iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6 and macOS Big Sur 11.7.
Apple said it is aware that this flaw “may have been actively exploited”.
According to TechCrunch, this is the eighth zero-day vulnerability fixed by Apple this year.
In addition to these fixes, Apple also released a fix for a Safari browser flaw that could lead to address bar spoofing.
The security fixes were released along with iOS 16, which brings several security and privacy features, including support for Apple Passkeys and Lockdown Mode.
“Keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security,” said the company.
After a software update is installed for iOS, iPadOS, tvOS, and watchOS, it cannot be downgraded to the previous version.
Last month, Apple released new software updates for iPhones, iPads and Macs to fix two security vulnerabilities known by the tech giant to be actively exploited by attackers.
The two vulnerabilities were found in WebKit, the browser engine that powers Safari and other apps, and in the kernel, essentially the operating system’s core.
The tech giant had said the WebKit bug could be exploited if a vulnerable device accessed or processed “maliciously crafted web content [that] may lead to arbitrary code execution”.