Apple has today published emergency security patches to address two zero-day vulnerabilities that were previously used by hackers to break into iPhones, iPads, or Macs.
Zero-day vulnerabilities are security weaknesses that attackers or researchers discover before the software manufacturer is aware of them or can fix them. They frequently have available proof-of-concept exploits or are actively used in attacks.
Apple has now released macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1 to patch the two zero-day vulnerabilities, which have reportedly been frequently exploited.
The first flaw allows a programme, such as malicious software, to run commands with kernel privileges. Because this is the highest privilege level, a process running at it has full authority over the device and can execute any command on it.
The second zero-day flaw, CVE-2022-32893, is an out-of-bounds write flaw in WebKit, the web browser engine that powers Safari and other web-accessible applications.
Apple claims that this weakness, which affects the web engine, could be exploited remotely when a user accesses a website that has been specially crafted to give an attacker arbitrary code execution.
The flaws were discovered by unidentified researchers, and Apple patched them in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1 by enhancing bounds checking for both flaws.
The following gadgets are among those impacted by both vulnerabilities:
Macs running macOS Monterey
iPhone 6s and later, iPad Pro (all models), iPad Air 2, iPad 5th generation, iPad mini 4, and iPod touch 7th generation and later