Apple has released another round of security updates to address vulnerabilities in iOS and macOS, including a new zero-day flaw that is being actively exploited by attackers.
The zero-day flaw, tracked as CVE-2022-32917, allows a malicious app to run arbitrary code on an affected device with kernel privileges, Apple said in a security advisory on Monday. Kernel privileges mean full access to the device and its data. Apple warned that it’s aware that this flaw “might have been actively exploited.” It is believed to be the eighth zero-day vulnerability fixed by Apple since the start of the year.
Apple says it fixed the bug in iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6 and macOS Big Sur 11.7.
Apple hasn’t revealed any further details about CVE-2022-32917 or how it’s being exploited by cybercriminals. Apple didn’t respond to a request for comment.
Apple this week also back-ported a patch for another exploited zero-day, tracked as CVE-2022-32894, to Macs running macOS Big Sur 11.7. This comes weeks after the company patched the same vulnerability (described by Apple as a remotely exploitable WebKit zero-day that could allow attackers to execute arbitrary code on unpatched devices) in older iPhones and iPads.
In addition to these fixes, Apple released numerous other security updates on Monday, including fixes for a Safari flaw that could lead to address bar spoofing, an issue in Maps that could allow an attacker to read sensitive location information, and a Contacts vulnerability that may allow apps to bypass privacy preferences.
The security fixes were released alongside iOS 16, which brings with it numerous security and privacy improvements, including support for Apple Passkeys and Lockdown Mode.