Apple fixes two critical zero-day vulnerabilities - updates strongly recommended
by Tina Siering
Users of Apple's iPhone, iPad and Mac devices are currently affected by two new critical zero-day vulnerabilities that the manufacturer says could already be actively exploited by hackers:
- CVE-2022-32893 is found in WebKit, Apple's HTML rendering software. It allows criminals to execute unauthorized malicious code on iPhones, iPads and Macs via manipulated web applications.
- CVE-2022-32894 directly affects the kernel, the central component of Apple's operating system. Attackers who exploit this vulnerability can significantly escalate privileges, gaining a level of administrative rights normally reserved for Apple itself.
The Apple products affected by the vulnerabilities are:
- Macs running macOS Monterey
- iPhone 6s and higher
- iPad Pro (all models), iPad Air 2 and newer, iPad 5th generation and newer, iPad mini 4 and newer, and iPod Touch (7th generation).
Due to the increasing media coverage, it can be assumed that the number of attacks exploiting these vulnerabilities will rise.
Recommended action:
Apple has already published emergency updates on its support page that fix the vulnerabilities. Users of affected Apple devices should apply these patches immediately.
Safe versions: iOS: from 15.6.1, macOS: from 12.5.1
Allgeier secion customers with an active managed service contract for Active Cyber Defense (ACD) will of course be informed separately about malicious communications on their systems.