Apple has released macOS Monterey 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 which addresses two zero-day vulnerabilities being actively exploited in the wild.
One of the flaws, affecting all three forms of the software is an out-of-bounds write vulnerability in the OS Kernel which can be abused to grant malicious applications highest privileges – in other words, an attacker could use it to fully take over a vulnerable endpoint (opens in new tab).
The second vulnerability, tracked as CVE-2022-32893, is an out-of-bounds write flaw in WebKit, Safari’s engine used by other apps with web access. This can also be used to take over a vulnerable device, as it allows threat actors to perform arbitrary code execution.
Keep your devices safe
The company said it had been tipped off to the flaws by an anonymous user tipped Apple off, adding that it improved had bounds checking for both bugs.
If your organization runs either Macs with macOS (opens in new tab) Monterey, iPhone 6s or later devices, all iPad Pros, iPad Air 2 and newer devices, iPads 5th gen and beyond, iPads mini 4 and newer, or iPod touch 7th generation devices, you should patch immediately, especially because the flaws are being actively exploited.
Apple’s been quite busy fixing zero-day vulnerabilities in recent months. In January 2022, it fixed two such flaws, namely CVE-2022-22578, and CVE-2022-22594, which allowed arbitrary code execution with kernel privileges. A month later, it fixed another zero-day, affecting iPhones, iPads, and Macs, and allowing threat actors to crash the OS and run remote code execution.
In March, it patched CVE-2022-22674, and CVE-2022-22675, both zero-days abused to execute code with Kernel privileges.
Via: BleepingComputer (opens in new tab)