Active Exploitation of a Critical Vulnerability in Apple Products

Published on 13 Sep 2022

Updated on 14 Sep 2022

Apple has released security updates to fix a critical zero-day vulnerability (CVE-2022-32917) in its products.

Successful exploitation of this vulnerability could allow an attacker's maliciously written program to execute arbitrary code with kernel privileges.

Users are advised to patch their products to the latest versions immediately:

  • Safari 16 web browser: for macOS Big Sur and macOS Monterey
  • macOS Monterey 12.6: for macOS Monterey
  • macOS Big Sur 11.7: for macOS Big Sur
  • iOS 16: for iPhone 8 and later
  • iOS 15.7 and iPadOS 15.7: for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available here:

https://support.apple.com/en-us/HT201222

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32917

https://www.bleepingcomputer.com/news/security/apple-fixes-eighth-zero-day-used-to-hack-iphones-and-macs-this-year/

https://www.theregister.com/2022/09/12/apple_patched_exploited_flaws/