For a zero-day vulnerability in its macOS and iOS operating systems that has already been exploited, Apple released emergency updates on Monday.
In a security advisory alerting users to code execution vulnerabilities in fully patched iPhone, iPad, and macOS devices, Apple verified the vulnerability’s exploitation.
![](https://www.securitynewspaper.com/snews-up/2022/09/apple-updates.jpg)
The following devices are affected:
iPhone 6s and after, all versions of the iPad Pro, iPad mini 4 and later, iPad Air 2 and later, iPad 5th generation and later, and the 7th-generation iPod touch
Moreover, Macs using macOS Monterey 12.6 and Big Sur 11.7
An adversary might take advantage of the CVE-2022-32917 vulnerability to execute a malicious script with kernel privileges by utilizing a specially created application.
Apple also patches a number of other bugs in these security upgrades, but the following are the most critical ones:
CVE-2022-32886: A vulnerability involving a buffer overflow was fixed by better memory management.
CVE-2022-32868: Improved state management resolved a logic flaw.
CVE-2022-32912: Improved bounds checking was used to mitigate an out-of-bounds read.
Apple also stated that it advises customers who are impacted by the vulnerability but have not yet upgraded to do so as soon as feasible.
A maliciously constructed application might take advantage of the weakness (tagged as CVE-2022-32917) to run arbitrary code with kernel privileges. An unnamed researcher discovered this issue. The apple stated, “Apple is aware of this vulnerability that may have been actively exploited.
![](https://www.securitynewspaper.com/snews-up/2020/01/IMG-20200124-WA0007-e1579911465772.jpg)
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.
![](https://mrhacker.co/wp-content/uploads/2019/08/logo-7.png)