Apple fixes iPhone and macOS errors under active attack • The Register

Apple has pushed five security fixes, including two vulnerabilities in its iPhones, iPads and Mac operating systems that are already being exploited.

One of these, tracked as CVE-2022-32917, can be used to allow malicious applications to run arbitrary code with kernel privileges. “Apple is aware of a report that this issue may have been actively exploited,” said a security warning posted Monday.

The vendor said it has fixed the bug with improved border controls and released patches for iPhone 6 and later, iPad Pro (all models), iPad Air 2 and later, and iPad 5, iPad mini 4 and iPod touch (7th generation) models. and all newer kits.

It has also patched macOS Monterey 12.6 and macOS Big Sur 11.7 versions with bugs that can be exploited with the same CVE, so we recommend all Mac users to patch their Monday night.

Maybe while watching Apple TV, which also requires some updates to fix security flaws in tvOS 16 – but the vendor hasn’t released any details on that yet. So it’s up to you or Ted Lasso is worth the risk.

Meanwhile, Apple has also released patches for another bug (CVE-2022-32894) that Apple claims has been “actively exploited” on computers running macOS Big Sur 11.7.

This comes less than a month after the company released a security update for the same vulnerability in older iPhones and iPads running iOS. It’s likely that miscreants also took advantage of this bug, Apple said at the time.

CVE-2022-32894, which also allows applications to run arbitrary code with kernel privileges, is caused by an out-of-bounds write error. The supplier said it fixed the bug with improved border control.

Apple has not disclosed any additional details about these two vulnerabilities or how they are being exploited by cybercriminals. Both were reported by anonymous bug hunters.

In total, the vendor released five security updates Monday, including 16 CVEs in its Safari 16 web browser with macOS Big Sur and macOS Monterey, iOS 16 in iPhone 8 and later, macOS Monterey 12.6, macOS Big Sur 11.7 and iOS 15.7, and iPadOS 15.7 for most models of its iPhone and iPad products, as well as for seventh-generation iPad touch devices.

It also promised to “make details available soon” for bugs in tvOS 16 and watchOS 9, so keep hitting refresh on the security update page.

The solutions come just days after Apple’s latest product premiere, dubbed “Far Out,” unveiled the company’s iPhone 14, Apple Watch 8 and the company’s second-generation AirPods Pro earbuds. ®