Vulnerability Management, Application security, Endpoint/Device Security

Apple patches two zero-day vulnerabilities in iOS and macOS

The Apple logo is displayed on the exterior of an Apple Store on Feb. 1, 2018, in San Francisco. (Photo by Justin Sullivan/Getty Images)

Two zero-day bugs in Apple products that could allow remote code execution, and that are apparently being exploited, prompted the company to release emergency security updates Wednesday.

The Cupertino, California-based tech giant yesterday released a patch for a WebKit vulnerability, CVE-2022-32893, that lets a maliciously crafted website execute arbitrary code and could lead to the takeover of iOS devices and Macs.

As the folks at Sophos’ Naked Security blog wrote: “Simply put, a cybercriminal could implant malware on your device even if all you did was to view an otherwise innocent web page.”

The second vulnerability allows code execution with kernel privileges, which would let an attacker break out of an application and take over an entire device or computer. The kernel vulnerability, CVE-2022-32894, reached by exploiting the WebKit vulnerability, would give “administrative superpowers,” according to Sophos, and allow an attacker to change settings; download and install apps; access almost all data, including location; and access the camera and microphone.

Both patches address an out-of-bounds write issue and are available for download.

Apple releases vulnerability fix for Safari web browser

Apple released another security update on Aug. 18 to fix the same issues affecting its Safari web browser for macOS Big Sur and Catalina.

Also on Aug. 18, the Cybersecurity and Information Security Agency released an alert on the vulnerabilities in the Apple products, urging users and administrators to review the update and apply the patches as soon as possible.

Updated 9:25 a.m. Eastern on Friday, Aug. 19.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
