Security News > 2022 > September > Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917)
Apple has fixed a slew of vulnerabilities in macOS, iOS, and iPadOS, including a zero-day kernel vulnerability exploited by attackers in the wild.
"Apple is aware of a report that this issue may have been actively exploited," the company said, and noted that the vulnerability has been remediated with improved bounds checks.
The vulnerability has been fixed in macOS 12.6, macOS 11.7, iOS 16, and iOS 15.7 and iPadOS 15.7.
The Big Sur update also contains a fix for CVE-2022-32894, fixed in August in iOS 15.6.1 and iPadOS 15.6, and macOS 12.5.1.
This is the eight time this year that Apple fixes a zero-day vulnerability in the operating systems powering their Macs and iPhones.
iOS 16 is the most current major release of the iOS mobile operating system, which comes with several new security and privacy features.
News URL
https://www.helpnetsecurity.com/2022/09/13/cve-2022-32917/
Related news
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-24 | CVE-2022-32894 | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |