Zero-day vulnerabilities used to hack Apple devices get patched

August 26, 2022
The tech giant Apple has released security updates to address two zero-day flaws that threat actors exploited to hack several of its devices, including Macs, iPads, and iPhones. Apple released macOS Monterey 12.5.1 and iOS 15.6.1 to fix the two zero-day vulnerabilities, which are being actively exploited worldwide.

The three operating systems suffered from the same flaw, which is tracked as CVE-2022-32894. Based on reports, the vulnerability is an out-of-bounds write flaw in the OS's kernel.

Malware disguised as an application could use this critical vulnerability to run code with kernel privileges. Since the kernel has the highest privilege, such code could perform any command on the infected device, potentially taking it over.

Another zero-day vulnerability, tracked as CVE-2022-32893, is also an out-of-bounds write flaw, this time in WebKit.


The default apps in Apple devices are also a vector for infection.


WebKit is the web browser engine used by Safari and other applications that can access the web. Apple explained that the flaw would enable an attacker to execute arbitrary code and could likely be abused remotely through a maliciously crafted website.

Fortunately, the vulnerabilities were reported by an anonymous researcher and fixed by Apple in iOS 15.6.1. Apple also released iPadOS 15.6.1 and macOS Monterey 12.5.1, which address the two flaws with improved bounds checking.

Apple then announced that the flaws were being actively exploited in the wild, but it did not release any additional information about the attacks. Many experts believe that these two zero-day flaws are used exclusively in targeted attacks; however, users are still advised to install the security updates to avoid being targeted by the exploits.

Last March, Apple fixed another pair of zero-day flaws, in AppleAVD and the Intel Graphics Driver, that hackers could exploit to run code with kernel privileges.

These exploited flaws suggest that several threat groups are constantly looking for ways to compromise iOS. Therefore, Apple users should stay up to date on the latest cybersecurity threats and patch the OS when fixes are available.
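
For anyone managing more than one device, the following Python script (an added example, not from Apple or from the original article) checks an inventory against the fixed versions named above. The hostnames and inventory rows are constructed, and any OS or major release the article does not mention is reported as unknown rather than guessed.

```python
# Fixed versions are the ones named in the article; everything else is constructed.
FIXED = {"iOS": (15, 6, 1), "iPadOS": (15, 6, 1), "macOS": (12, 5, 1)}

def parse_version(text):
    """Turn '15.6' into (15, 6, 0) so that '15.6' compares lower than '15.6.1'."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(os_name, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one device."""
    fixed = FIXED.get(os_name)
    if fixed is None:
        return "unknown"      # OS not mentioned in the article
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"      # unparseable inventory data: review by hand
    if version[0] != fixed[0]:
        return "unknown"      # other major release: the article names no fixed build
    return "patched" if version >= fixed else "vulnerable"

def report(inventory):
    """Group hostnames by status; inventory rows are (host, os_name, version)."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, os_name, version_text in inventory:
        result[classify(os_name, version_text)].append(host)
    return result

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE = [
    ("iphone-01", "iOS", "15.6.1"),
    ("iphone-02", "iOS", "15.6"),
    ("ipad-01", "iPadOS", "15.5"),
    ("mac-01", "macOS", "12.5.1"),
    ("mac-02", "macOS", "12.4"),
    ("mac-03", "macOS", "11.6.8"),
    ("watch-01", "watchOS", "8.7"),
]

if __name__ == "__main__":
    for status, hosts in report(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Devices listed as unknown need a manual check against Apple's security release notes for their own OS line.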
