There’s a major new security update for iOS and macOS, so update now
Apple fixes several zero-days already being abused in the wild
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Applehas released macOS Monterey 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 which addresses two zero-day vulnerabilities being actively exploited in the wild.
One of the flaws, affecting all three forms of the software is an out-of-bounds write vulnerability in the OS Kernel which can be abused to grant malicious applications highest privileges - in other words, an attacker could use it to fully take over a vulnerableendpoint.
The second vulnerability, tracked as CVE-2022-32893, is an out-of-bounds write flaw in WebKit,Safari’s engine used by other apps with web access. This can also be used to take over a vulnerable device, as it allows threat actors to perform arbitrary code execution.
Keep your devices safe
The company said it had been tipped off to the flaws by an anonymous user tipped Apple off, adding that it improved had bounds checking for both bugs.
If your organization runs either Macs withmacOSMonterey, iPhone 6s or later devices, all iPad Pros, iPad Air 2 and newer devices, iPads 5th gen and beyond, iPads mini 4 and newer, or iPod touch 7th generation devices, you should patch immediately, especially because the flaws are being actively exploited.
Apple rolls out emergency patch for gaping security hole in Macs, Watches>Apple just patched a whole load of iPad, macOS and iPhone security bugs, so update now>Remove viruses and ransomware with the best malware protection software around
Apple’s been quite busy fixing zero-day vulnerabilities in recent months. In January 2022, it fixed two such flaws, namely CVE-2022-22578, and CVE-2022-22594, which allowed arbitrary code execution with kernel privileges. A month later, it fixed another zero-day, affecting iPhones, iPads, and Macs, and allowing threat actors to crash the OS and run remote code execution.
In March, it patched CVE-2022-22674, and CVE-2022-22675, both zero-days abused to execute code with Kernel privileges.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Cisco issues patch to fix serious flaw allowing possible industrial systems takeover
Washington state court systems taken offline following cyberattack
I’ve used Genmoji and now I’m convinced Apple Intelligence will be a huge success
