Apple has fixed two zero-day vulnerabilities in security updates for the iOS, iPadOS, and macOS platforms.
Apple did not disclose any further information about the attacks or who carried them out, so it is likely that the vulnerabilities were used in highly targeted intrusions.
iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1 all contain updates that address both vulnerabilities. The iOS and iPadOS updates are now available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Safari
- CVE-2022-32893
macOS
- CVE-2022-32893
- CVE-2022-32894
iOS and iPadOS
- CVE-2022-32893
- CVE-2022-32894
Safari 15.6.1
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
macOS Monterey 12.5.1
Kernel
- Available for: macOS Monterey
- Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2022-32894: reported by an anonymous researcher
WebKit
- Available for: macOS Monterey
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- WebKit Bugzilla: 243557
- CVE-2022-32893: reported by an anonymous researcher
iOS 15.6.1 and iPadOS 15.6.1
Update released on August 17, 2022
Kernel
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2022-32894: reported by an anonymous researcher
WebKit
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2022-32893: reported by an anonymous researcher
How to Update Apple macOS and Software?
- Choose System Preferences from the Apple menu in the upper-left corner of your screen.
- Click Software Update in the System Preferences window.
- Use the App Store instead of System Preferences if you are unable to find Software Update in your System Preferences.
- Install all available updates and upgrades.
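For a fleet rather than a single Mac, the fixed versions listed above can be checked against an inventory export to see which of the two CVEs each device is still exposed to. This is an added example, not Apple tooling or code from the original page; the host names and the `host,product,version` format are constructed, and treating any version at or above the fixed one as patched is an assumption.

```python
# Fixed versions and CVE lists come from the advisory text above.
BOTH = ["CVE-2022-32893", "CVE-2022-32894"]
FIXED = {
    "macos": ((12, 5, 1), BOTH),
    "ios": ((15, 6, 1), BOTH),
    "ipados": ((15, 6, 1), BOTH),
    "safari": ((15, 6, 1), ["CVE-2022-32893"]),
}

# Constructed sample inventory (hypothetical hosts): host,product,version
SAMPLE_INVENTORY = """\
mbp-finance-01,macOS,12.5
mbp-eng-07,macOS,12.5.1
iphone-exec-02,iOS,15.6
ipad-kiosk-11,iPadOS,15.6.1
imac-lab-03,Safari,15.6
imac-lab-04,macOS,11.6.8
"""

def parse_version(text):
    """Turn '12.5' into (12, 5, 0) so it sorts below (12, 5, 1)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def outstanding_cves(product, version):
    """CVEs still unpatched, [] if patched, None if the advisory does not cover it."""
    entry = FIXED.get(product.strip().lower())
    if entry is None:
        return None
    fixed, cves = entry
    found = parse_version(version)
    if found[0] < fixed[0]:
        return None  # older major release: no fix is listed on this page
    # Assumption: any version at or above the fixed one carries the fix.
    return [] if found >= fixed else list(cves)

def audit(inventory):
    """Map each host in the CSV-style inventory to its outstanding CVEs."""
    report = {}
    for line in inventory.splitlines():
        if line.strip():
            host, product, version = (f.strip() for f in line.split(","))
            report[host] = outstanding_cves(product, version)
    return report

if __name__ == "__main__":
    for host, cves in audit(SAMPLE_INVENTORY).items():
        print(host, "not covered" if cves is None else cves or "patched")
```

Hosts reported as not covered run a major release for which this page lists no fix, so they need a separate check against Apple's own advisories.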