iPhone Users Urged to Update to Patch 2 Zero-Days
Apple has urged macOS, iPhone, and iPad users to immediately install updates this week that include security updates for two zero-days that are actively under attack, according to the company. The patches fix vulnerabilities that allow attackers to execute arbitrary code and take over devices. The flaws lie in the kernel and WebKit functions. The vulnerabilities basically impact all Apple devices that can run either iOS 15 or the Monterey version of its desktop, according to the security update. One of the flaws is tracked as CVE-2022-32894 and is reportedly a kernel bug. Apple stated that it is an out of bounds write issue that has since been improved.
The second flaw is tracked as CVE-2022-32893 and is an out-of bounds write issue that Apple has been able to patch. This flaw would allow an attacker to deploy malicious web content that can lead to code execution. This flaw is reportedly under active exploit, according to Apple. Since the flaw affects WebKit, the browser engine that powers Safari, it could be dangerous to Apple users. Discovery of the pair of flaws was credited to an unknown researcher.