Apple has released a security patch for iPhone, iPad, and Mac devices after warning that two zero-day vulnerabilities may already have been exploited by hackers.
The first vulnerability is an out-of-bounds write flaw in the OS kernel. Out-of-bounds means that a program attempts to read or write memory outside the bounds of what it is allowed to access. The kernel is the core program that mediates between the hardware and running processes.
The second vulnerability (tracked as CVE-2022-32893) is an out-of-bounds write flaw in WebKit, the engine that powers Apple’s web browser Safari.
Have These Vulnerabilities Been Exploited?
Apple says that the flaws were highlighted thanks to an anonymous tip-off from a user and has also said that hackers may have “actively exploited” the vulnerabilities.
Security Update Released
In response to the threat, Apple has released the security updates macOS Monterey 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 to fix the security loopholes. The advice is for those using Macs with macOS Monterey, iPhone 6s or later, all iPad Pros, iPad Air 2 and newer devices, iPads 5th generation and beyond, iPad mini 4 and newer, or iPod touch 7th generation devices to download the updates immediately.
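For anyone managing more than a handful of devices, the advice above turns into an inventory check against the three fixed versions. The following is an added example, not Apple's tooling or code from the original article; the CSV layout, hostnames and status labels are assumptions, and the inventory rows are constructed sample data.

```python
import csv
import io

# Fixed releases exactly as named in the article.
FIXED = {"macOS": (12, 5, 1), "iOS": (15, 6, 1), "iPadOS": (15, 6, 1)}

# Constructed sample inventory (hypothetical hostnames, not real devices).
SAMPLE_INVENTORY = """hostname,platform,version
design-mac-01,macOS,12.5
design-mac-02,macOS,12.5.1
sales-iphone-07,iOS,15.6
sales-ipad-03,iPadOS,15.6.1
lab-mac-09,macOS,11.6.8
kiosk-ipad-02,iPadOS,15.x
"""


def parse_version(text):
    """Turn '15.6' into (15, 6, 0); raise ValueError on malformed input."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(text)
    return tuple(parts + [0] * (3 - len(parts)))


def classify(platform, version_text):
    """Return 'patched', 'needs-update' or 'review' for one device."""
    fixed = FIXED.get(platform)
    if fixed is None:
        return "review"  # platform not named in the article
    try:
        version = parse_version(version_text)
    except ValueError:
        return "review"  # unparseable version string, check by hand
    if version[0] != fixed[0]:
        return "review"  # other major release: the article names no fix for it
    return "patched" if version >= fixed else "needs-update"


def audit(inventory_csv):
    """Map hostname -> status for every row of a CSV inventory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["platform"], r["version"]) for r in rows}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:18} {status}")
```

Devices on a different major release are reported as "review" rather than guessed at, because the article only lists fixes for macOS Monterey 12, iOS 15 and iPadOS 15.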
What Does This Mean For Your Business?
Apple is clearly concerned about this threat, which echoes the early part of this year, when Apple issued patches for other zero-day vulnerabilities (zero-day means a vulnerability that has not yet been patched). The fact that these two vulnerabilities may already have been exploited is likely to worry businesses and other users. The good news is that Apple was tipped off before things got any worse and quickly released the patches.