Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917)
Apple has fixed a slew of vulnerabilities in macOS, iOS, and iPadOS, including a zero-day kernel vulnerability (CVE-2022-32917) exploited by attackers in the wild.
CVE-2022-32917, reported by an anonymous researcher, may allow a malicious application to execute arbitrary code with kernel privileges.
“Apple is aware of a report that this issue may have been actively exploited,” the company said, and noted that the vulnerability has been remediated with improved bounds checks.
As is Apple’s custom, details about the attack(s) taking advantage of this flaw have not been shared, but it’s likely that they are targeted and limited. Nevertheless, users are advised to update their Apple devices as soon as possible.
The updates also contain fixes for similar and less critical vulnerabilities. The Big Sur update additionally contains a fix for CVE-2022-32894, which was fixed in August in iOS 15.6.1 and iPadOS 15.6, and in macOS 12.5.1.
Apple has been busy fixing zero-days
This is the eighth time this year that Apple has fixed a zero-day vulnerability in the operating systems powering its Macs and iPhones.
Apple has also released security updates for tvOS and watchOS, but has not yet shared what specific vulnerabilities have been patched in those.
iOS 16, the most current major release of the iOS mobile operating system, comes with several new security and privacy features.