Security News > 2022 > August > iPhone Users Urged to Update to Patch 2 Zero-Days
Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack.
Patches address two flaws, which basically impact any Apple device that can run either iOS 15 or the Monterey version of its desktop OS, according to security updates released by Apple Wednesday.
One of the flaws is a kernel bug, which is present both in iOS and macOS. According to Apple it is an "Out-of-bounds write issue [that] was addressed with improved bounds checking."
One expert expressed worry that the latest Apple flaws "Could effectively give attackers full access to device," they might create a Pegasus-like scenario similar to the one in which nation-state APTs barraged targets with spyware made by Israeli NSO Group by exploiting an iPhone vulnerability.
The onus is not only on vendors to protect these devices but also for users to be more aware of existing threats, Whaley observed.
"While we all rely on our mobile devices, they are not invulnerable, and as users we need to maintain our guard just like we do on desktop operating systems," he said in an email to Threatpost.
News URL
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Related news
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)