Security News > 2022 > August > Apple security updates fix 2 zero-days used to hack iPhones, Macs

Apple security updates fix 2 zero-days used to hack iPhones, Macs
2022-08-17 22:35

Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs.

Today, Apple has released macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1 to resolve two zero-day vulnerabilities that are reported to have been actively exploited.

The second zero-day vulnerability is CVE-2022-32893 and is an out-of-bounds write vulnerability in WebKit, the web browser engine used by Safari and other apps that can access the web.

Likely, these zero-days were only used in targeted attacks, but it's still strongly advised to install today's security updates as soon as possible.

In March, Apple patched two more zero-day bugs that were used in the Intel Graphics Driver and AppleAVD that could also be used to execute code with Kernel privileges.

In February, Apple released security updates to fix a new zero-day bug exploited to hack iPhones, iPads, and Macs, leading to OS crashes and remote code execution on compromised devices after processing maliciously crafted web content.


News URL

https://www.bleepingcomputer.com/news/security/apple-security-updates-fix-2-zero-days-used-to-hack-iphones-macs/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-08-24 CVE-2022-32893 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write issue was addressed with improved bounds checking.
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349