Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero- day flaw that has been used in attacks in the wild.
The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel element and could enable a malicious app to execute arbitrary code with kernel privileges.
” Apple is aware of a report that this issue may have been actively exploited,” the iPhone maker conceded in a brief statement, adding it resolved the bug with bettered set checks. An anonymous experimenter has been credited with reporting the shortcoming.
It’s worth noting that CVE-2022-32917 is also the second Kernel related zero- day flaw that Apple has remediated in lower than a month.
Patches are available in performances iOS 15.7, iPadOS15.7, iOS 16, macOS Big Sur 11.7, and macOS Monterey 12.6. The iOS and iPadOS updates cover iPhone 6s and latterly, iPad Pro( all models), iPad Air 2 and latterly, iPad 5th generation and latterly, iPad mini 4 and latterly, and iPod touch( 7th generation).
With the rearmost fixes, Apple has addressed seven actively exploited zero- day flaws and one intimately- known zero- day vulnerability since the launch of the time.
- CVE-2022-22587( IOMobileFrameBuffer) – A vicious operation may be suitable to execute arbitrary code with kernel privileges CVE-2022-22594( WebKit Storage) – A website may be suitable to track sensitive stoner information( intimately known but not laboriously exploited)
- CVE-2022-22620( WebKit) – Processing virulently crafted web content may lead to arbitrary law prosecution
- CVE-2022-22674( Intel Graphics motorist) – An application may be suitable to read kernel memory
- CVE-2022-22675( AppleAVD) – An application may be suitable to execute arbitrary code with kernel privileges
- CVE-2022-32893( WebKit) – Processing virulently drafted web content may lead to arbitrary law prosecution
- CVE-2022-32894( Kernel) – An operation may be suitable to execute arbitrary code with kernel privileges
Besides CVE-2022-32917, Apple has plugged 10 security holes in iOS 16, gauging Connections, Kernel Charts, MediaLibrary, Safari, and WebKit. The iOS 16 update is also notable for incorporating a new Lockdown Mode that is designed to make zero- click attacks harder.
iOS further introduces a feature called Rapid Security Response that makes it possible for druggies to automatically install security fixes on iOS devices without a full operating system update.
” Rapid Security Responses deliver important security improvements more snappily, before they become part of other improvements in a future software update,” Apple said in a revised support document published on Monday.
Lastly, iOS 16 also brings support for passkeys in the Safari web browser, a passwordless sign- in mechanism that allows users to log in to websites and services by authenticating via Touch ID or Face ID.