Apple fixes two critical zero-day vulnerabilities - updates strongly recommended
by Tina Siering
Users of Apple's iPhone, iPad and Mac devices are currently affected by two new critical zero-day vulnerabilities that the manufacturer says could already be actively exploited by hackers:
- CVE-2022-32893 is found in WebKit, Apple's HTML rendering software. It allows criminals to execute unauthorized malicious code on iPhones, iPads and Macs via manipulated web applications.
- CVE-2022-32894 directly affects the kernel, the central component of Apple's operating system. Attackers who exploit this vulnerability can significantly escalate privileges, gaining a level of administrative rights normally reserved for Apple itself.
The Apple products affected by the vulnerabilities are:
- Macs running macOS Monterey
- iPhone 6s and higher
- iPad Pro (all models), iPad Air 2 and newer, iPad 5th generation and newer, iPad mini 4 and newer, and iPod Touch (7th generation).
Due to the increasing media coverage, it can be assumed that the number of attacks exploiting these vulnerabilities will rise.
Apple has already published emergency updates on its support page that fix the vulnerabilities. Users of affected Apple devices should apply these patches immediately.
Safe versions: iOS: from 15.6.1, macOS: from 12.5.1
Allgeier secion customers with an active managed service contract for Active Cyber Defense (ACD) will of course be informed separately about malicious communications on their systems.