Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero- day flaw that has been used in attacks in the wild.

The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel element and could enable a malicious app to execute arbitrary code with kernel privileges.

” Apple is aware of a report that this issue may have been actively exploited,” the iPhone maker conceded in a brief statement, adding it resolved the bug with bettered set checks. An anonymous experimenter has been credited with reporting the shortcoming.

It’s worth noting that CVE-2022-32917 is also the second Kernel related zero- day flaw that Apple has remediated in lower than a month.

Patches are available in performances iOS 15.7, iPadOS15.7, iOS 16, macOS Big Sur 11.7, and macOS Monterey 12.6. The iOS and iPadOS updates cover iPhone 6s and latterly, iPad Pro( all models), iPad Air 2 and latterly, iPad 5th generation and latterly, iPad mini 4 and latterly, and iPod touch( 7th generation).

With the rearmost fixes, Apple has addressed seven actively exploited zero- day flaws and one intimately- known zero- day vulnerability since the launch of the time.

• CVE-2022-22587( IOMobileFrameBuffer) – A vicious operation may be suitable to execute arbitrary code with kernel privileges CVE-2022-22594( WebKit Storage) – A website may be suitable to track sensitive stoner information( intimately known but not laboriously exploited) 
• CVE-2022-22620( WebKit) – Processing virulently crafted web content may lead to arbitrary law prosecution 
• CVE-2022-22674( Intel Graphics motorist) – An application may be suitable to read kernel memory 
• CVE-2022-22675( AppleAVD) – An application may be suitable to execute arbitrary code with kernel privileges 
• CVE-2022-32893( WebKit) – Processing virulently drafted web content may lead to arbitrary law prosecution 
• CVE-2022-32894( Kernel) – An operation may be suitable to execute arbitrary code with kernel privileges

Besides CVE-2022-32917, Apple has plugged 10 security holes in iOS 16, gauging Connections, Kernel Charts, MediaLibrary, Safari, and WebKit. The iOS 16 update is also notable for incorporating a new Lockdown Mode that is designed to make zero- click attacks harder.

iOS further introduces a feature called Rapid Security Response that makes it possible for druggies to automatically install security fixes on iOS devices without a full operating system update. 

” Rapid Security Responses deliver important security improvements more snappily, before they become part of other improvements in a future software update,” Apple said in a revised support document published on Monday. 

Lastly, iOS 16 also brings support for passkeys in the Safari web browser, a passwordless sign- in mechanism that allows users to log in to websites and services by authenticating via Touch ID or Face ID.

Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero- day vulnerabilities previously exploited by threat actors to compromise its devices.

The list of issues is below,

• CVE-2022-32893– An out- of- bounds write issue in WebKit which could lead to the prosecution of arbitrary code by processing a especially crafted web content 
• CVE-2022-32894– An out- of- bounds write issue in the operating system’s Kernel that could be abused by a vicious application to execute arbitrary code with the loftiest privileges 

Apple said it addressed both the issues with bettered bounds checking, adding it’s apprehensive the vulnerabilities” may have been actively exploited.” 

The company didn’t disclose any fresh information regarding these attacks or the identities of the threat actors perpetrating them, although it’s likely that they were abused as part of largely- targeted intrusions. 

The latest update brings the total number of actively exploited zero- days patched by Apple to six since the launch of the time,

• CVE-2022-22587( IOMobileFrameBuffer) – A malicious operation may be suitable to execute arbitrary code with kernel privileges 
• CVE-2022-22620( WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution 
• CVE-2022-22674( Intel Graphics Driver) – An operation may be suitable to read kernel memory 
• CVE-2022-22675( AppleAVD) – An application may be suitable to execute arbitrary code with kernel privileges 

Both the vulnerabilities have been fixed in iOS15.6.1, iPadOS15.6.1, and macOS Monterey 12.5.1. The iOS and iPadOS updates are available for iPhone 6s and latterly, iPad Pro( all models), iPad Air 2 and latterly, iPad 5th generation and latterly, iPad mini 4 and latterly, and iPod touch( 7th generation).

Update : Apple on Thursday released a security update for Safari web browser( version 15.6.1) for macOS Big Sur and Catalina to patch the WebKit vulnerability fixed in macOS Monterey.

Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to  guard high-  threat users against” highly targeted cyberattacks.” 

The” extreme, optional protection” feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies developing state- sponsored surveillanceware  similar as Pegasus, DevilsTongue, Predator, and Hermit.

Lockdown Mode, when enabled,” hardens device defenses and  rigorously limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by  largely targeted  greedy spyware,” Apple said in a statement.   

This includes blocking most communication attachment types other than images and disabling link previews in Messages; rendering inoperative just-  by- time(JIT) JavaScript  compendium; removing support for shared albums in Photos; and  precluding incoming FaceTime calls from unknown numbers.   

Other restrictions cut off wired connections with a computer or accessory when an iPhone is locked and, most importantly, prohibit configuration profiles — a feature that is been abused to sideload apps bypassing the App Store — from being installed.   

The tech giant also noted that it plans to incorporate  fresh countermeasures to Lockdown Mode over time, while simultaneously inviting feedback from the security  exploration community to identify” qualifying findings” that will be eligible for over to$ 2 million in bug bounties.   

It’s worth noting that the feature won’t be switched on by default, but can be accessed by heading to Settings> Privacy & Security> Lockdown Mode.   

The announcement arrives a month after Apple debuted a new Rapid Security Response feature in iOS 16 and macOS Ventura that aims to deploy security fixes without the need for a full operating system version update.   

Google and Meta offer  similar software features known as Advanced Account Protection and Facebook Protect that are meant to secure the accounts of  individualities who are at an” elevated  threat of targeted online attacks” from takeover attempts.

But it will not be surprising if Google follows suit with a  analogous feature on Android.