However, both of these issues have been addressed by Apple’s emergency security updates released recently. The zero-day flaw refers to a vulnerability that attackers are aware of yet hasn’t been patched or not discovered by the software vendor.
Zero-day exploits are often available as public proofs-of-concept, or active attacks exploit them. There have been two zero-day vulnerabilities in Apple’s products that have been fixed in the following updates.
There have been several reports of these vulnerabilities being actively exploited by hackers. Here below, we have mentioned the updates:-
- macOS Monterey 12.5.1
- iOS 15.6.1
- iPadOS 15.6.1
Here below, we have mentioned the detected two zero-day vulnerabilities:-
- CVE-2022-32894: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2022-32893: An out-of-bounds write issue was addressed with improved bounds checking.
An anonymous researcher reported these two vulnerabilities, and all three operating systems suffer from the same two vulnerabilities in terms of their security.
Kernels are programs that function as the heart of an OS, acting as components that communicate with one another. Apple’s Mac OS, iPad OS, and iOS all have a kernel that offers the highest level of privileges.
This vulnerability can be used by an application to execute code with kernel privileges. The program in question may be malware or another form of malicious software.
Both vulnerabilities have been identified in the following list of devices:-
- Macs running macOS Monterey
- iPhone 6s and later
- iPad Pro (all models)
- iPad Air 2 and later
- iPad 5th generation and later
- iPad mini 4 and later
- iPod touch (7th generation)
In the event of an attacker exploiting this flaw, arbitrary code would be executed by the attacker. Because it is in the web engine, it is likely that a maliciously crafted website could be used to exploit the vulnerability remotely.
While Apple has revealed that there are active exploits in the wild. But, no additional information has been provided about those attacks yet.
It is still strongly recommended by Apple that users should immediately update their devices with the security updates released recently. The zero-day vulnerabilities used in this attack were only targeted attacks, so they were not widely exploited.
Apple has patched seven zero-day vulnerabilities this year. It has been a record year for Apple in terms of the number of zero-day vulnerabilities that it has patched.