Elain Brown Tech 08.17.2022 22:Aug PM EDT

Apple Releases Security Updates to Fix Two Zero-Day Vulnerabilities Attackers Use to Hack iPhones, iPads, and Macs

Apple released an emergency security update to address the exploited zero-day vulnerabilities.

Apple products such as Macs, iPads, and iPhones have been affected by two vulnerabilities that were detected.

To address two zero-day vulnerabilities that have reportedly been actively exploited, Apple has issued fixes in macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1.

The devices affected by the zero-day vulnerabilities are iPhone 6s and later, Macs running macOS Monterey, iPad Air 2 and later, all models of iPad Pro, iPad 5th generation and later, iPod touch (7th generation), and iPad mini 4 and later.

Apple Zero-Day Vulnerabilities

Apple's security update comes as a response to the bugs reported by anonymous researchers.

Following this, the company delivered remedies for both bugs in macOS Monterey 12.5.1, iPadOS 15.6.1, and Apple in iOS 15.6.1. These updates included enhanced bounds checking.

According to BleepingComputer, Apple has issued a fix for the zero-day vulnerability that is being tracked as CVE-2022-32893. It is a vulnerability known as an out-of-bounds write that exists in WebKit, the web browser engine that Safari and other applications that can access the internet use.

Apple describes this vulnerability as a bug that would enable an adversary to achieve arbitrary code execution and, as it's in the web engine, it could likely be exploited remotely by visiting a page that was maliciously created.

Another vulnerability that was detected was CVE-2022-32894. This bug is a write vulnerability in the kernel of the operating system that allows for writing outside of the allowed range.

In macOS, iPadOS, and iOS, the "kernel" is a piece of software that serves as the central component of an operating system and has the greatest privileges available.

A program, such as malicious software, might take advantage of this vulnerability to run code with the privileges of the kernel. Since this is the ultimate privilege level, a process would be able to execute any command on the device, thereby gaining full control of it.

Apple revealed that the exploit was being used in the wild. Despite this, it has not disclosed any additional information concerning these assaults.

Even though it's highly likely that these zero-days were only exploited in targeted attacks, it's still highly recommended that users install today's security updates as soon as they possibly can.

Apple Security Update

Apple has reportedly patched seven zero-day vulnerabilities, including the recently addressed bugs.

In January, the company addressed the vulnerabilities CVE-2022-22587 and CVE-2022-22594. There was also a zero-day bug exploited in February that hacked Apple products.

Additionally, in March, Apple addressed the bugs that were in the Intel Graphics Driver, tracked as CVE-2022-22674, and the AppleAVD, tracked as CVE-2022-22675.

This update was implemented in response to recent developments inside the company, in which employees were informed that beginning September 5, they will be required to report to the office three days per week.

iTechPost recently reported that this announcement finally kicks off its long-awaited hybrid workplace model. Every worker in the Bay Area is going to be responsible for reporting to work on Tuesdays and Thursdays.

In addition to a third day of the week that will be selected based on the particular needs of each team.