Security News > 2022 > August > Apple security updates fix 2 zero-days used to hack iPhones, Macs
Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs.
Today, Apple has released macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1 to resolve two zero-day vulnerabilities that are reported to have been actively exploited.
The second zero-day vulnerability is CVE-2022-32893 and is an out-of-bounds write vulnerability in WebKit, the web browser engine used by Safari and other apps that can access the web.
Likely, these zero-days were only used in targeted attacks, but it's still strongly advised to install today's security updates as soon as possible.
In March, Apple patched two more zero-day bugs that were used in the Intel Graphics Driver and AppleAVD that could also be used to execute code with Kernel privileges.
In February, Apple released security updates to fix a new zero-day bug exploited to hack iPhones, iPads, and Macs, leading to OS crashes and remote code execution on compromised devices after processing maliciously crafted web content.
News URL
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Zero-day data security (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-24 | CVE-2022-32893 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue was addressed with improved bounds checking. | 8.8 |