On Wednesday, Apple released security updates for its iOS, iPadOS, and macOS platforms to fix two zero-day vulnerabilities that had previously been exploited by threat actors to compromise devices.
Here is a list of issues –
CVE-2022-32893 – An out-of-bounds issue in WebKit that could lead to arbitrary code execution when processing specially crafted web content
CVE-2022-32894 – An out-of-bounds issue in the OS Kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges
Apple says it has addressed both issues with improved bounds checking, adding that it is aware the vulnerabilities “may have been actively exploited”.
The company did not disclose any additional information regarding these attacks or the identities of the threat actors that perpetrated them, although it is likely that they were abused as part of highly targeted intrusions.
The latest update brings the total number of zero-days patched by Apple since the beginning of the year to six –
CVE-2022-22587 (IOMobileFrameBuffer) – A malicious application can execute arbitrary code with kernel privileges
CVE-2022-22620 (WebKit) – Processing maliciously crafted web content may result in arbitrary code execution
CVE-2022-22674 (Intel Graphics Driver) – An application can read kernel memory
CVE-2022-22675 (AppleAVD) – An application may be able to execute arbitrary code with kernel privileges
Both vulnerabilities have been fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. The iOS and iPadOS updates are available for iPhone 6s or later, iPad Pro (all models), iPad Air 2 or later, iPad 5th generation or later, iPad mini 4 or later, and iPod touch (7th generation).