Apple iPhones, iPads, and Macs are infested with two critical zero-day vulnerabilities that, if exploited, would let attackers take over the devices with remote commands.
So in order to secure them, Apple released a security update for all these devices, patching these concerned zero-day bugs. Apple noted active exploitations of these bugs already, so it recommends users update their devices immediately.
Zero-Day Vulnerabilities in Apple Devices
Though we tout that Apple offers some of the best-secured devices, they’re still infested with some kind of bugs every now and then. The latest one in this pursuit is two critical zero-day vulnerabilities found in iPhones, iPads, and Macs.
Zero-Day Vulnerabilities are the bugs that aren’t patched or even acknowledged by the concerned OEM before hackers start exploiting them. Two of such have been spotted in Apple devices, which Apple said are under active exploitation.
One is an out-of-bound write vulnerability in the operating system’s Kernel, which is tracked as CVE-2022-32894 and has root privileges of the device. While the other is an out-of-bound write vulnerability in WebKit, tracked as CVE-2022-32893 also has deep privileges to the system.
Apple’s WebKit is a web browser engine used by Safari and other apps for accessing the web. Exploitation of this will allow the attacker to execute malicious code remotely by making the target visit a specially crafted website.
Since they’re under active exploitation, Apple released macOS Monterey 12.5.1 and iOS 15.6. 1 and iPadOS 15.6.1 to resolve the bugs. Below are the devices affected by these security bugs and recommended to install Apple’s latest security patch;
- Macs running macOS Monterey
- iPhone 6s and later
- iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Other Trending News:- News