Apple has released an urgent security patch that fixes multiple bugs in different versions of iOS, iPadOS, and macOS. Some of these flaws, the company confirmed, are being actively exploited in the wild.
“Apple is aware of a report that this issue may have been actively exploited,” the company said in a security advisory, without going into detail about who is exploiting which flaw.
The release comprises a total of five security updates, covering 16 CVEs affecting Safari 16 on macOS Big Sur, macOS Monterey, iOS 16 on iPhone 8 and newer, as well as macOS Monterey 12.6, macOS Big Sur 11.7 and iOS 15.7 and iPadOS 15.7 on most of its devices. The company is also working on a fix for the issues on tvOS.
Arbitrary code execution
Of all the CVEs addressed in this security update, two are said to be actively exploited, both allowing arbitrary code execution.
One is CVE-2022-32917, which allows malicious apps to run arbitrary code with kernel privileges. This was resolved, the company said, with improved bounds checks. The second is CVE-2022-32894, exploited against computers running macOS Big Sur 11.7. It also allows arbitrary code execution and is caused by an out-of-bounds write error. Apple has solved this the same way, with improved bounds checking.
Anonymous tipsters drew Apple’s attention to these flaws, the company added.
The fixes came just days after Apple released iOS 16, a release that brings improvements to many apps, from a redesigned Home app for your smart devices to better privacy features and a big focus on the lock screen, with new fonts, colors, and themes to choose from.
Satellite calling is also coming to the newly announced iPhone 14 models, a feature set to become available in November 2022.
Via: The Register