Apple has recently rolled out urgent software updates for iOS and macOS devices, addressing two severe zero-day vulnerabilities. Given the risk of active exploitation, all iPhone, iPad, and Mac users must rush to update their devices at the earliest.
iOS And macOS Zero-Day Vulnerabilities
According to the latest Apple advisories, the tech giant has rolled out surprise iOS and macOS updates fixing zero-day vulnerabilities.
The flaws affected the system kernel and WebKit component allowing arbitrary code execution privileges upon exploit.
Both vulnerabilities caught the attention of an anonymous researcher, who then reported the matter to Apple.
Specifically, the first of these is an out-of-bounds write issue in macOS and iOS Kernel (CVE-2022-32894). Apple explained that an application with kernel privileges might exploit the flaw to execute arbitrary codes on the target devices.
The second vulnerability, CVE-2022-32893, affected WebKit, the browser engine powering Safari, Mail, and other apps on Apple devices. Apple also described it as an out-of-bounds write vulnerability allowing arbitrary code execution upon processing maliciously crafted content.
Apple confirmed patching both vulnerabilities via improved bound checks. However, it also admitted to having detected active exploitation of the flaws in the wild.
The tech giant released the fixes with macOS Monterey 12.5.1, iOS 15.6.1, and iPadOS 15.6.1. For the latter, the iOS devices eligible for this update include the iPhone 6s and later, iPad Pro (all models), iPad 5th gen and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th gen.
Users should update their respective devices with the latest software releases to avoid threats.
For now, Apple hasn’t explained the level of exploitation for both vulnerabilities, nor did they elaborate on the extent of the attacks.