Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities

Apple
on
Wednesday
released
security
updates
for

iOS,
iPadOS
,
and

macOS

platforms
to
remediate
two
zero-day
vulnerabilities
previously
exploited
by
threat
actors
to
compromise
its
devices.

The
list
of
issues
is
below


  • CVE-2022-32893


    An
    out-of-bounds
    issue
    in
    WebKit
    which
    could
    lead
    to
    the
    execution
    of
    arbitrary
    code
    by
    processing
    a
    specially
    crafted
    web
    content

  • CVE-2022-32894


    An
    out-of-bounds
    issue
    in
    the
    operating
    system’s
    Kernel
    that
    could
    be
    abused
    by
    a
    malicious
    application
    to
    execute
    arbitrary
    code
    with
    the
    highest
    privileges

Apple
said
it
addressed
both
the
issues
with
improved
bounds
checking,
adding
it’s
aware
the
vulnerabilities “may
have
been
actively
exploited.”

The
company
did
not
disclose
any
additional
information
regarding
these
attacks
or
the
identities
of
the
threat
actors
perpetrating
them,
although
it’s
likely
that
they
were
abused
as
part
of
highly-targeted
intrusions.

The
latest
update
brings
the
total
number
of
zero-days
patched
by
Apple
to
six
since
the
start
of
the
year



  • CVE-2022-22587

    (IOMobileFrameBuffer)

    A
    malicious
    application
    may
    be
    able
    to
    execute
    arbitrary
    code
    with
    kernel
    privileges


  • CVE-2022-22620

    (WebKit)

    Processing
    maliciously
    crafted
    web
    content
    may
    lead
    to
    arbitrary
    code
    execution


  • CVE-2022-22674

    (Intel
    Graphics
    Driver)

    An
    application
    may
    be
    able
    to
    read
    kernel
    memory


  • CVE-2022-22675

    (AppleAVD)

    An
    application
    may
    be
    able
    to
    execute
    arbitrary
    code
    with
    kernel
    privileges

Both
the
vulnerabilities
have
been
fixed
in
iOS
15.6.1,
iPadOS
15.6.1,
and
macOS
Monterey
12.5.1.
The
iOS
and
iPadOS
updates
are
available
for
iPhone
6s
and
later,
iPad
Pro
(all
models),
iPad
Air
2
and
later,
iPad
5th
generation
and
later,
iPad
mini
4
and
later,
and
iPod
touch
(7th
generation).

Leave a Reply

Your email address will not be published. Required fields are marked *