Security News > 2022 > September > Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917)

Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917)
2022-09-13 08:41

Apple has fixed a slew of vulnerabilities in macOS, iOS, and iPadOS, including a zero-day kernel vulnerability exploited by attackers in the wild.

"Apple is aware of a report that this issue may have been actively exploited," the company said, and noted that the vulnerability has been remediated with improved bounds checks.

The vulnerability has been fixed in macOS 12.6, macOS 11.7, iOS 16, and iOS 15.7 and iPadOS 15.7.

The Big Sur update also contains a fix for CVE-2022-32894, fixed in August in iOS 15.6.1 and iPadOS 15.6, and macOS 12.5.1.

This is the eight time this year that Apple fixes a zero-day vulnerability in the operating systems powering their Macs and iPhones.

iOS 16 is the most current major release of the iOS mobile operating system, which comes with several new security and privacy features.


News URL

https://www.helpnetsecurity.com/2022/09/13/cve-2022-32917/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-08-24 CVE-2022-32894 Out-of-bounds Write vulnerability in Apple products
An out-of-bounds write issue was addressed with improved bounds checking.
local
low complexity
apple CWE-787
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349