August 18, 2022
Apple Patches 2 Actively Exploited 0-Day RCE Vulnerabilities in macOS & iOS
Apple has released an emergency update patching 2 actively exploited 0-day RCE vulnerabilities, one of which allows arbitrary code execution with kernel privileges.
Both vulnerabilities affect macOS ‘Monterey’, iOS and iPadOS.
- CVE-2022-32894 – An out-of-bounds write vulnerability in the kernel may allow an application to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- CVE-2022-32893 – An out-of-bounds write vulnerability in WebKit. Processing maliciously crafted web content may lead to arbitrary code execution.
Apple is aware of reports that both vulnerabilities may have been actively exploited, but did not release any additional information.
Affected devices:
- Macs running macOS ‘Monterey’ prior to version 12.5.1
- iPhones running iOS prior to 15.6.1
- iPads running iPadOS prior to 15.6.1
CYREBRO recommends updating macOS ‘Monterey’ to version 12.5.1 or newer to mitigate the vulnerabilities.
For iPhones and iPads, update to version 15.6.1 or newer.
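To check a fleet against the fixed versions above, the following added example (not part of the original advisory) classifies inventory rows by OS and version. The inventory rows, function names and status labels are assumptions made for illustration; macOS releases older than Monterey are reported as out of scope because this advisory only covers Monterey.

```python
# Added example: triage a device inventory against the fixed versions in this advisory.
# The inventory rows below are constructed sample data, not real devices.
import re

# Fixed versions as stated in the advisory.
FIXED = {"macos": (12, 5, 1), "ios": (15, 6, 1), "ipados": (15, 6, 1)}
MONTEREY_MAJOR = 12  # the advisory scopes macOS to 'Monterey' (12.x) only


def parse_version(text):
    """Turn '12.5' or '15.6.1' into a 3-tuple of ints; None if malformed."""
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text.strip()):
        return None
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # '12.5' -> (12, 5, 0)


def classify(os_name, version_text):
    """Return 'vulnerable', 'patched', 'out-of-scope' or 'unknown'."""
    fixed = FIXED.get(os_name.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unrecognised OS or version string: review by hand
    if os_name.lower() == "macos" and version[0] < MONTEREY_MAJOR:
        return "out-of-scope"  # pre-Monterey macOS is not covered by this advisory
    # Compare as integer tuples; string comparison would rank '12.10' below '12.5.1'.
    return "vulnerable" if version < fixed else "patched"


INVENTORY = [  # constructed sample rows: (hostname, os, version)
    ("mac-01", "macOS", "12.5"),
    ("mac-02", "macOS", "12.5.1"),
    ("mac-03", "macOS", "11.6.8"),
    ("phone-01", "iOS", "15.6"),
    ("pad-01", "iPadOS", "15.6.1"),
    ("pad-02", "iPadOS", "15.x"),
]


def triage(rows):
    """Map each hostname to its classification."""
    return {host: classify(os_name, ver) for host, os_name, ver in rows}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:10} {status}")
```

Devices reported as unknown have a version string the parser could not read and should be checked by hand.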
References: Apple Advisory