Apple iOS and macOS Updates to Patch For Actively Exploited Zero-Day Flaw
Reading Time: 2 minutes

Apple iOS and macOS Updates to patch for actively exploited Zero-Day flaw has been released. Bad actors have been using this vulnerability to carry out attacks in the wild. The CVE-2022-32917 vulnerability is rooted in the Kernel component enabling bad actors to execute arbitrary code with kernel privileges via a malicious app.

According to Apple, they are aware of the issue which may have been actively exploited and have resolved the bug with improved bound checks.

An anonymous researcher reported the CVE-2022-32917 vulnerability, it is also the second Kernel related zero-day flaw that Apple has remediated earlier last month.

Here are the iOS and iPadOS iterations to be updated: iOS 15.7, iPadOS 15.7, iOS 16, macOS Big Sur 11.7, and macOS Monterey 12.6

7 Most recent fixes Apple has addressed that actively exploited zero-day flaws and one publicly-known zero-day vulnerability this year:

  1. CVE-2022-22587 (IOMobileFrameBuffer) – A malicious application may be able to execute arbitrary code with kernel privileges
  2. CVE-2022-22594 (WebKit Storage) – A website may be able to track sensitive user information (publicly known but not actively exploited)
  3. CVE-2022-22620 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  4. CVE-2022-22674 (Intel Graphics Driver) – An application may be able to read kernel memory
  5. CVE-2022-22675 (AppleAVD) – An application may be able to execute arbitrary code with kernel privileges
  6. CVE-2022-32893 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  7. CVE-2022-32894 (Kernel) – An application may be able to execute arbitrary code with kernel privileges

Apple has also plugged 10 security vulnerabilities in iOS 16, with Contacts, Kernel Maps, MediaLibrary, Safari, and WebKit all having some vulnerabilities. The update also incorporates a new Lockdown Mode to help protect the device from zero-click attacks.

Apple introduced new features that make it possible for users to keep their devices secured without downloading the latest full operating system updates. Rapid Security Response will automatically download, install and apply security patches.

Apple is making it easier to keep your iOS device secure by delivering Rapid Security Responses before they become part of progress updates with new security advancements.

Lastly, Passkeys are possible in Safari on iOS 16. They use authentication via Touch ID or Face ID to log in to websites and services.

Related Articles:
Yanluowang Ransomware Group Behind the May Attack on Cisco Systems
Chinese-linked Scammers Steal $529 million from Indian Nationals
High-Severity Firmware Security Flaws Remain Unpatched in HP Enterprise Devices