Cyber Security News

Apple Released Emergency Security Updates to Fix Two Actively Exploited Zero-Day Flaws

Hackers have exploited two zero-day vulnerabilities to gain access to several Apple devices:

  • iPhones
  • iPads
  • Macs

However, Apple has addressed both issues in recently released emergency security updates. A zero-day flaw is a vulnerability that attackers are aware of but that the software vendor has not yet patched or discovered.

Zero-day exploits are often available as public proofs-of-concept or are used in active attacks. The two zero-day vulnerabilities in Apple's products have been fixed in the updates listed below.

There have been several reports of these vulnerabilities being actively exploited by hackers. The updates are:

  • macOS Monterey 12.5.1
  • iOS 15.6.1
  • iPadOS 15.6.1

Zero-Day Flaws

The two zero-day vulnerabilities are:

  • CVE-2022-32894: An out-of-bounds write issue was addressed with improved bounds checking.
  • CVE-2022-32893: An out-of-bounds write issue was addressed with improved bounds checking.

An anonymous researcher reported both vulnerabilities, and all three operating systems are affected by the same two flaws.

The kernel is the program at the heart of an OS, through which its components communicate with one another. Apple's macOS, iPadOS, and iOS each have a kernel that runs with the highest level of privileges.

This vulnerability can be used by an application to execute code with kernel privileges. The program in question may be malware or another form of malicious software.

Devices Affected

Both vulnerabilities affect the following devices:

  • Macs running macOS Monterey
  • iPhone 6s and later
  • iPad Pro (all models)
  • iPad Air 2 and later
  • iPad 5th generation and later
  • iPad mini 4 and later
  • iPod touch (7th generation)

An attacker who exploits this flaw can execute arbitrary code. Because it is in the web engine, it is likely that a maliciously crafted website could be used to exploit the vulnerability remotely.

Apple has revealed that there are active exploits in the wild, but it has not yet provided any additional information about those attacks.

Apple still strongly recommends that users immediately update their devices with the recently released security updates. The zero-day vulnerabilities were used only in targeted attacks, so they were not widely exploited.

Apple has patched seven zero-day vulnerabilities this year. It has been a record year for Apple in terms of the number of zero-day vulnerabilities that it has patched.


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
