Apple has patched numerous vulnerabilities in macOS, iOS, and iPadOS, including a kernel zero-day vulnerability (CVE-2022-32917) that was exploited by attackers in the wild.
CVE-2022-32917, reported by an anonymous researcher, could allow malicious programs to execute arbitrary code with kernel privileges.
“Apple is aware of a report that this issue may have been actively exploited,” the company said, noting that the vulnerability has been fixed with improved boundary checks.
The vulnerability was patched in macOS 12.6 (Monterey), macOS 11.7 (Big Sur), iOS 16, iOS 15.7, and iPadOS 15.7.
As is Apple’s custom, details about attacks using this flaw have not been released, but they are likely to be targeted and limited. However, users are advised to update their Apple devices as soon as possible.
The updates also contain fixes for similar and less critical vulnerabilities. The Big Sur update also includes a fix for CVE-2022-32894, which was fixed in August in iOS 15.6.1 and iPadOS 15.6, as well as in macOS 12.5.1.
Apple has been busy fixing zero days
This is the eighth time this year that Apple has patched a zero-day vulnerability in the operating systems that run its Macs and iPhones.
Apple has also released security updates for tvOS and watchOS, but has yet to say which vulnerabilities have been fixed.
iOS 16 is the most recent major version of the iOS mobile operating system, which comes with several new security and privacy features.