Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.
The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges.
“Apple is aware of a report that this issue may have been actively exploited,” the iPhone maker acknowledged in a brief statement, adding it resolved the bug with improved bound checks.
An anonymous researcher has been credited with reporting the shortcoming. It’s worth noting that CVE-2022-32917 is also the second Kernel related zero-day flaw that Apple has remediated in less than a month.
Patches are available in versions iOS 15.7, iPadOS 15.7, iOS 16, macOS Big Sur 11.7, and macOS Monterey 12.6. The iOS and iPadOS updates cover iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
images from Hacker News