Concise Cyber

Urgent Update: Apple Patches Two Actively Exploited Zero-Day Flaws in iOS and macOS

Apple has issued emergency security updates for iPhones, iPads, and Macs to address two critical zero-day vulnerabilities. The company confirmed that both flaws may have been actively exploited in the wild, prompting security experts to urge users to install the patches immediately.

The updates, released as iOS 15.6.1 and macOS Monterey 12.5.1, are available for any device capable of running iOS 15 or the Monterey version of the desktop operating system. The vulnerabilities could allow attackers to execute arbitrary code and gain complete control over an affected device.

The Two Zero-Day Vulnerabilities

The first flaw, tracked as CVE-2022-32894, is an out-of-bounds write issue within the kernel, the core of the operating system. According to Apple, this vulnerability could allow a malicious application to execute code with the highest level of privileges (kernel privileges). This flaw impacts both iOS and macOS devices.

The second vulnerability, CVE-2022-32893, resides in WebKit, the browser engine that powers Safari and all third-party browsers on iOS. This is also an out-of-bounds write issue, which can be triggered when a device processes maliciously crafted web content. A successful exploit could lead to arbitrary code execution. Discovery of both vulnerabilities was credited to an anonymous researcher.

Expert Warnings and Recommendations

Cybersecurity experts have expressed significant concern, warning that these flaws could give attackers full access to a user’s device, drawing comparisons to the powerful Pegasus spyware. Rachel Tobac, CEO of SocialProof Security, advised the general public to update their software by the end of the day. For high-risk individuals such as journalists, activists, or those targeted by nation-states, she stressed the need to “update now.”

This incident highlights the ongoing challenge major tech companies face in securing their software. The responsibility, however, also falls on users to remain vigilant and apply security patches as soon as they become available to protect their personal data and privacy from ever-present threats.

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources. The intent is only to summarise what is already reported in public forum in our own words with no intention to plagiarise or copy other person’s work. The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment. The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com. You’re advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications. If you have any objections, concerns or point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/
