Apple releases emergency security update for Macs and iPhones
Apple has released an emergency security patch to address two zero-day vulnerabilities previously exploited to hack Macs and iPhones, Bleeping Computer reported.
The Cupertino-based tech company released MacOS Monterey 12.5.1 and iOS 15.6.1 on Wednesday, 17 August 2022, to fix the vulnerabilities.
Zero-day vulnerabilities are security flaws discovered by attackers or researchers before the vendor becomes aware or can patch the bug.
The vulnerabilities are the same for both operating systems (OSes), and the first, tracked as CVE-2022-32894, is an out-of-bounds vulnerability in the OS’s Kernel.
Such a vulnerability is concerning as it lets malware execute code with the highest privileges possible within the OS, meaning malicious actors could essentially take complete control over the device.
The second is tracked as CVE-2022-32893 and is also an out-of-bounds vulnerability, this time in WebKit, the browser engine used by Safari and other apps.
In this case, an attacker could remotely execute arbitrary code by getting victims to visit a malicious website.
Devices affected by the vulnerabilities include Macs running MacOS Monterey, iPhones including the 6s and later, and various iPad models.
It is recommended that owners of these devices install the security updates as soon as possible.