Zero-Day Vulnerabilities in Apple Products

Published on 18 Aug 2022

Updated on 01 Sep 2022

Apple has released security updates to address two zero-day vulnerabilities (CVE-2022-32894 and CVE-2022-32893) in its products. There are reports that these vulnerabilities may have been actively exploited.

Successful exploitation of the vulnerabilities could allow an attacker to perform arbitrary code execution on affected products.

Users are advised to patch their products to the latest versions immediately:

  • macOS Monterey 12.5.1: for macOS Monterey
  • iOS 12.5.6: for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  • iOS 15.6.1: for iPhone 6s and later
  • iPadOS 15.6.1: for iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available here:

https://support.apple.com/en-sg/HT201222

https://support.apple.com/en-sg/HT213428

https://www.bleepingcomputer.com/news/security/apple-security-updates-fix-2-zero-days-used-to-hack-iphones-macs/

https://www.macrumors.com/2022/08/17/apple-releases-macos-monterey-12-5-1/

https://www.macrumors.com/2022/08/17/apple-releases-ios-15-6-1/