Home Security Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw

Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw

by crpt os


Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.

The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges.

“Apple is aware of a report that this issue may have been actively exploited,” the iPhone maker acknowledged in a brief statement, adding it resolved the bug with improved bound checks.

An anonymous researcher has been credited with reporting the shortcoming. It’s worth noting that CVE-2022-32917 is also the second Kernel related zero-day flaw that Apple has remediated in less than a month.

CyberSecurity

Patches are available in versions iOS 15.7, iPadOS 15.7, iOS 16, macOS Big Sur 11.7, and macOS Monterey 12.6. The iOS and iPadOS updates cover iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

With the latest fixes, Apple has addressed seven actively exploited zero-day flaws and one publicly-known zero-day vulnerability since the start of the year –

  • CVE-2022-22587 (IOMobileFrameBuffer) – A malicious application may be able to execute arbitrary code with kernel privileges
  • CVE-2022-22594 (WebKit Storage) – A website may be able to track sensitive user information (publicly known but not actively exploited)
  • CVE-2022-22620 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2022-22674 (Intel Graphics Driver) – An application may be able to read kernel memory
  • CVE-2022-22675 (AppleAVD) – An application may be able to execute arbitrary code with kernel privileges
  • CVE-2022-32893 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2022-32894 (Kernel) – An application may be able to execute arbitrary code with kernel privileges

Besides CVE-2022-32917, Apple has plugged 10 security holes in iOS 16, spanning Contacts, Kernel Maps, MediaLibrary, Safari, and WebKit. The iOS 16 update is also notable for incorporating a new Lockdown Mode that’s designed to make zero-click attacks harder.

CyberSecurity

iOS further introduces a feature called Rapid Security Response that makes it possible for users to automatically install security fixes on iOS devices without a full operating system update.

“Rapid Security Responses deliver important security improvements more quickly, before they become part of other improvements in a future software update,” Apple said in a revised support document published on Monday.

Lastly, iOS 16 also brings support for passkeys in the Safari web browser, a passwordless sign-in mechanism that allows users to log in to websites and services by authenticating via Touch ID or Face ID.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex