Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities

Products You May Like

Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices.

The list of issues is below –

  • CVE-2022-32893 – An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content
  • CVE-2022-32894 – An out-of-bounds issue in the operating system’s Kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges

Apple said it addressed both the issues with improved bounds checking, adding it’s aware the vulnerabilities “may have been actively exploited.”

The company did not disclose any additional information regarding these attacks or the identities of the threat actors perpetrating them, although it’s likely that they were abused as part of highly-targeted intrusions.


The latest update brings the total number of zero-days patched by Apple to six since the start of the year –

  • CVE-2022-22587 (IOMobileFrameBuffer) – A malicious application may be able to execute arbitrary code with kernel privileges
  • CVE-2022-22620 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2022-22674 (Intel Graphics Driver) – An application may be able to read kernel memory
  • CVE-2022-22675 (AppleAVD) – An application may be able to execute arbitrary code with kernel privileges

Both the vulnerabilities have been fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. The iOS and iPadOS updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Cyber Security

Products You May Like

Articles You May Like

Why Organisations Need Both EDR and NDR for Complete Network Protection
Cosmicflows-4: Astronomers Assemble Largest Catalogue of 56,000 Galaxy Distances
NASA’s DART Mission First Step Towards Preventing Possible Asteroid Armageddon, Indian Scientists Say
Twitter to Depose Tesla CEO Elon Musk, Known for ‘Combative’ Testimony, Ahead of Upcoming Legal Battle
State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations

Leave a Reply

Your email address will not be published.