Apple fixes 2 zero-days (CVE-2022-32894 and CVE-2022-32893) in iOS 15.6.1 and macOS Monterey 12.5.1 (update now!)

Apple has released security updates for Apple iOS 15.6.1, iPadOS 15.6.1, macOS Monterey 12.5.1, and Safari 15.6.1. The updates include fixes for two zero-day vulnerabilities (CVE-2022-32894 and CVE-2022-32893) under attack in the wild.

A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.

iOS 15.6.1 and iPadOS 15.6.1

The latest iOS 15.6.1 and iPadOS 15.6.1 security update, released on August 17, addressed two vulnerabilities (CVE-2022-32894 and CVE-2022-32893) that have been exploited in the wild.

“Apple is aware of a report that this issue may have been actively exploited,” Apple warned in the advisory.

The WebKit flaw CVE-2022-32893 means that processing maliciously crafted web content could lead to arbitrary code execution. WebKit is Apple’s HTML rendering software and is part of Apple’s browser engine.

In other words, a cybercriminal could booby-trap a website to trick your iPhone/iPad into running unauthorized software and plant malware on your device.

The second zero-day, CVE-2022-32894, could allow a malicious application to execute arbitrary code with kernel privileges. An attacker would likely first need to compromise the victim’s device via the previously mentioned WebKit flaw.

The update is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

macOS Monterey 12.5.1

In addition, Apple released a security update on August 18, macOS Monterey 12.5.1, with fixes for the same two zero-day vulnerabilities (CVE-2022-32894 and CVE-2022-32893) addressed in iOS, both of which have been exploited in the wild.

The update is available for all versions of macOS Monterey.

Safari 15.6.1

The Safari security update 15.6.1 also fixed the WebKit vulnerability CVE-2022-32893 exploited in the wild.

The Safari update is available for macOS Big Sur and macOS Catalina.

Other products

Finally, an upgrade to watchOS 8.7.1 was also made available, but Apple did not publish any CVEs.

Readers can check the Apple Security Updates page for the latest details on all Apple products.
