Update your Mac and iOS devices ASAP, Apple just patched actively exploited vulnerabilities

Daniel Sims

Posts: 594   +21
Staff
PSA: Apple just released a small-but-important security update for iPhones, iPads, and Macs to fix a couple of exploits. Users should probably install the patches as soon as possible, as Apple thinks attackers may have already exploited these flaws. The updates contain no other changes.

On Wednesday, Apple released iOS and iPadOS 15.6.1 along with macOS Monterey 12.5.1. The only changes these upgrades bring are fixes for two serious vulnerabilities that could let attackers execute arbitrary code on users' devices.

The first exploit – tagged CVE-2022-32894 – could grant programs kernel-level privileges with which to execute arbitrary code. The second – labeled CVE-2022-32893 – is a WebKit flaw that could let malicious web pages run arbitrary code. WebKit is the platform underpinning Apple's Mail app, Safari, and all iOS web browsers. Reports indicate bad actors have already started using both exploits.

Apple didn't release any other details about the vulnerabilities, crediting anonymous researchers with their discovery. However, the WebKit flaw's page on WebKit Bugzilla credits Yusuke Suzuki with reporting the exploit on August 4.

iOS and iPadOS 15.6.1 are available for the iPhone 6s and later, all iPad Pro models, the iPad Air 2 and later, iPad 5th generation and newer, iPad mini 4 and later, and the 7th generation iPod touch. Users can update by heading to Settings > General > Software Update. Update macOS by navigating to System Preferences > Software Update.

A new version of watchOS (8.7.1) also went out on Wednesday, though without a description, so it isn't clear if it's connected to the same issue. That update is only available for the Apple Watch Series 3.

Although apple patched Monterey, it hasn't patched its predecessors – Big Sur and Catalina – which are still popular. It isn't known whether the older macOS versions are vulnerable or if Apple is prioritizing Monterey.

The latter has been the case before. Earlier this week, a security researcher discovered that Big Sur and Catalina are still susceptible to a severe exploit that Apple patched in Monterey last year. It could break through every macOS security layer and expose every file on a Mac. Last November, Apple fixed a vulnerability in Catalina only after many users suffered a cyberattack using the exploit. The company had long since patched Big Sur against the same flaw.

Permalink to story.

 

TheRealSCDC

Posts: 316   +439
I'm sort of a "fanboy" but don't warship Apple. Glad they are at least trying to keep IOS Tight. I still think that it has become bloated with so many useless features though. For something that I basically text, call and look at health/fitness. That's all.

Now my iPad is truly entertainment.
 

BuckarooBonzai

Posts: 142   +105
I think alot of the OSs can be hardened down but if it was then Government agencies will have a hard time with them especially law enforcement. We already hear complaints from law enforcement regarding end to end encryption for apps on cell phones.
 

mattsie

Posts: 68   +40
I think alot of the OSs can be hardened down but if it was then Government agencies will have a hard time with them especially law enforcement. We already hear complaints from law enforcement regarding end to end encryption for apps on cell phones.

What? That is just the front. Gov has backdoors to get into any Apple product, Windows, Android. They might not share it tho for solving "smaller" crimes.