There's a major new security update for iOS and macOS, so update now

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)
Audio player loading…

Apple has released macOS Monterey 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 which addresses two zero-day vulnerabilities being actively exploited in the wild. 

One of the flaws, affecting all three forms of the software is an out-of-bounds write vulnerability in the OS Kernel which can be abused to grant malicious applications highest privileges - in other words, an attacker could use it to fully take over a vulnerable endpoint (opens in new tab)

The second vulnerability, tracked as CVE-2022-32893, is an out-of-bounds write flaw in WebKit, Safari’s engine used by other apps with web access. This can also be used to take over a vulnerable device, as it allows threat actors to perform arbitrary code execution.

Keep your devices safe

The company said it had been tipped off to the flaws by an anonymous user tipped Apple off, adding that it improved had bounds checking for both bugs.

If your organization runs either Macs with macOS (opens in new tab) Monterey, iPhone 6s or later devices, all iPad Pros, iPad Air 2 and newer devices, iPads 5th gen and beyond, iPads  mini 4 and newer, or iPod touch 7th generation devices, you should patch immediately, especially because the flaws are being actively exploited.

Apple’s been quite busy fixing zero-day vulnerabilities in recent months. In January 2022, it fixed two such flaws, namely CVE-2022-22578, and CVE-2022-22594, which allowed arbitrary code execution with kernel privileges. A month later, it fixed another zero-day, affecting iPhones, iPads, and Macs, and allowing threat actors to crash the OS and run remote code execution.

In March, it patched CVE-2022-22674, and CVE-2022-22675, both zero-days abused to execute code with Kernel privileges.

Via: BleepingComputer (opens in new tab)

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.