Apple has released patches to address kernel flaws affecting iOS/iPadOS 15 and macOS Big Sur and Catalina that are under attack.
Apple in an advisory says the two newly disclosed kernel flaws “may have been actively exploited”.
One kernel flaw, tracked as CVE-2022-32917, is addressed in iOS/iPadOS 15.7, macOS Monterey 12.6 and macOS Big Sur 11.7, while macOS Big Sur 11.7 addresses a second already-exploited kernel flaw tracked as CVE-2022-32894.
Both bugs were reported by anonymous researchers. CVE-2022-32917 is also listed as addressed in the just-released iOS 16.
So even if you don’t want to update to iOS 16 yet, updating to iOS 15.7 is still a good idea.
“This update provides important security updates and is recommended for all users,” says Apple.
According to Google’s zero-day tracker, Apple has patched eight zero-day flaws affecting iOS and macOS this year.
iOS devices that should be patched include iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
General users should also install Apple’s latest updates, which address a large number of vulnerabilities, including multiple issues affecting the iOS/macOS kernel, Apple Maps, the MediaLibrary component, Safari, Safari extensions, Shortcuts, and Safari’s WebKit engine. iOS 15.7 includes 10 CVE identifiers.
Just under a month ago, Apple fixed two zero-day flaws affecting iOS 15.6 and then backported one of them to iOS 12. It’s done that again, this time by bringing the fix for CVE-2022-32894 in iOS 15.6.1 to macOS Big Sur 11.7.
Today, Apple has also released security-relevant updates in iOS 16, watchOS 9, tvOS 16, and Safari 16.
Victims of the latest zero-day exploits are generally those at risk of highly targeted cyberattacks rather than the general public. But they could benefit from Lockdown Mode in iOS 16, which Apple released today. The feature helps protect users from what Apple described as “state-sponsored mercenary spyware”. The feature is also available in macOS Ventura.