Security News > 2022 > August > Apple fixes exploited zero-days: Update your devices! (CVE-2022-32894, CVE-2022-32893)

Apple has released security updates for iOS, iPadOS, and macOS Monterey to fix CVE-2022-32894 and CVE-2022-32893, two code execution vulnerabilities exploited by attackers in the wild.

CVE-2022-32894 is out-of-bounds write issue in the operating systems' kernel that can be exploited by a malicious application to execute arbitrary code with kernel privileges.

CVE-2022-32893 is out-of-bounds write issue in WebKit - Apple's browser engine that powers its Safari web browser and all iOS web browsers - that can be triggered by the processing of maliciously crafted web content.

As per usual, Apple did not share details about the attacks that leverage the two zero-days, but it's likely that the flaws are being exploited for targeted attacks.

MacOS users who use Google Chrome and don't have automatic updating switched on should also make sure to update that browser, because Google has pushed out a new version that fixes - among other vulnerabilities - CVE-2022-2856, an improper input validation bug affecting Chrome Intent.

"A Chrome Intent is a mechanism for triggering apps directly from a web page, in which data on the web page is fed into an external app that's launched to process that data," noted Paul Ducklin, Principal Research Scientist at Sophos.

News URL

https://www.helpnetsecurity.com/2022/08/18/cve-2022-32894-cve-2022-32893-cve-2022-2856/