Apple today released emergency security updates to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs.
Apple informs its users of an immediate update of their devices due to two new patches it has included to resolve two exploited zero-day threats by attackers to hack iPhones, iPads or Macs.
If you still don’t know what a zero-day attack is, in a nutshell it is a cyberattack against an application or system that aims to execute malicious code thanks to knowledge of vulnerabilities that the manufacturer of the product and users are unaware of. And since they are unknown, these security holes have yet to be fixed.
In this way, cybercriminals use exploits, a malicious code that takes advantage of said vulnerability, to infect the computer.
We recently learned that a new zero-day vulnerability was lurking in the Microsoft Diagnostic Tool (MSDT). Named DogWalk, it has been and continues to be ignored by Microsoft, as the company has deemed that it does not meet the immediate service requirements.
Today Apple released macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1 to resolve two zero-day vulnerabilities which are reported to have been actively exploited. Note that these two vulnerabilities are the same for all three operating systems.
The first of them, registered as CVE-2022-32894. This incident is an out-of-bounds write vulnerability in the operating system Kernel (core component of the OS). As for the second, known as CVE-2022-32893, This is a vulnerability in WebKit, the web browser engine used by Safari and other applications that can access the Internet.
With these there are already a total of seven vulnerabilities that Apple has had to resolve this year. The company advises, despite the fact that it is very likely that these attacks have only been exploited in targeted attacks, that users install security updates as soon as possible.