For a zero-day vulnerability in its macOS and iOS operating systems that has already been exploited, Apple released emergency updates on Monday.
In a security advisory alerting users to code execution vulnerabilities in fully patched iPhone, iPad, and macOS devices, Apple verified the vulnerability’s exploitation.
The following devices are affected:
iPhone 6s and after, all versions of the iPad Pro, iPad mini 4 and later, iPad Air 2 and later, iPad 5th generation and later, and the 7th-generation iPod touch
Moreover, Macs using macOS Monterey 12.6 and Big Sur 11.7
An adversary might take advantage of the CVE-2022-32917 vulnerability to execute a malicious script with kernel privileges by utilizing a specially created application.
Apple also patches a number of other bugs in these security upgrades, but the following are the most critical ones:
CVE-2022-32886: A vulnerability involving a buffer overflow was fixed by better memory management.
CVE-2022-32868: Improved state management resolved a logic flaw.
CVE-2022-32912: Improved bounds checking was used to mitigate an out-of-bounds read.
Apple also stated that it advises customers who are impacted by the vulnerability but have not yet upgraded to do so as soon as feasible.
A maliciously constructed application might take advantage of the weakness (tagged as CVE-2022-32917) to run arbitrary code with kernel privileges. An unnamed researcher discovered this issue. The apple stated, “Apple is aware of this vulnerability that may have been actively exploited.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.