Critical zero day vulnerability in iOS and macOS affecting iPhone, iPad, iPod and Macs. Update immediately

For a zero-day vulnerability in its macOS and iOS operating systems that has already been exploited, Apple released emergency updates on Monday.

In a security advisory alerting users to code execution vulnerabilities in fully patched iPhone, iPad, and macOS devices, Apple verified the vulnerability’s exploitation.

The following devices are affected:

iPhone 6s and after, all versions of the iPad Pro, iPad mini 4 and later, iPad Air 2 and later, iPad 5th generation and later,  and the 7th-generation iPod touch

Moreover, Macs using macOS Monterey 12.6 and  Big Sur 11.7

An adversary might take advantage of the CVE-2022-32917 vulnerability to execute a malicious script with kernel privileges by utilizing a specially created application.

Apple also patches a number of other bugs in these security upgrades, but the following are the most critical ones:

CVE-2022-32886: A vulnerability involving a buffer overflow was fixed by better memory management.

CVE-2022-32868: Improved state management resolved a logic flaw.

CVE-2022-32912: Improved bounds checking was used to mitigate an out-of-bounds read.

Apple also stated that it advises customers who are impacted by the vulnerability but have not yet upgraded to do so as soon as feasible.

A maliciously constructed application might take advantage of the weakness (tagged as CVE-2022-32917) to run arbitrary code with kernel privileges. An unnamed researcher discovered this issue. The apple stated, “Apple is aware of this vulnerability that  may have been actively exploited.