Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero- day vulnerabilities previously exploited by threat actors to compromise its devices.
The list of issues is below,
- CVE-2022-32893– An out- of- bounds write issue in WebKit which could lead to the prosecution of arbitrary code by processing a especially crafted web content
- CVE-2022-32894– An out- of- bounds write issue in the operating system’s Kernel that could be abused by a vicious application to execute arbitrary code with the loftiest privileges
Apple said it addressed both the issues with bettered bounds checking, adding it’s apprehensive the vulnerabilities” may have been actively exploited.”
The company didn’t disclose any fresh information regarding these attacks or the identities of the threat actors perpetrating them, although it’s likely that they were abused as part of largely- targeted intrusions.
The latest update brings the total number of actively exploited zero- days patched by Apple to six since the launch of the time,
- CVE-2022-22587( IOMobileFrameBuffer) – A malicious operation may be suitable to execute arbitrary code with kernel privileges
- CVE-2022-22620( WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2022-22674( Intel Graphics Driver) – An operation may be suitable to read kernel memory
- CVE-2022-22675( AppleAVD) – An application may be suitable to execute arbitrary code with kernel privileges
Both the vulnerabilities have been fixed in iOS15.6.1, iPadOS15.6.1, and macOS Monterey 12.5.1. The iOS and iPadOS updates are available for iPhone 6s and latterly, iPad Pro( all models), iPad Air 2 and latterly, iPad 5th generation and latterly, iPad mini 4 and latterly, and iPod touch( 7th generation).
Update : Apple on Thursday released a security update for Safari web browser( version 15.6.1) for macOS Big Sur and Catalina to patch the WebKit vulnerability fixed in macOS Monterey.
