There's a new important security update for iOS and macOS, update now


Apple has released macOS Monterey 12.5.1, iOS 15.6.1, and iPadOS 15.6.1, which fix two zero-day vulnerabilities that are being actively exploited in the wild.

One of the flaws, which affects all three operating systems, is an out-of-bounds write vulnerability in the operating system kernel that can be exploited to give malicious applications the highest privileges; in other words, an attacker could use it to take full control of a vulnerable endpoint.

The second vulnerability, tracked as CVE-2022-32893, is an out-of-bounds write flaw in WebKit, the engine behind Safari that is also used by other web-enabled applications. It can also be used to take control of a vulnerable device by allowing threat actors to execute arbitrary code.

Protect your devices

The company said an anonymous user discovered the flaws and reported them to Apple, adding that it had fixed both bugs with improved bounds checking.

If your organization runs Macs with macOS Monterey, iPhone 6s or later devices, all iPad Pro, iPad Air 2 and newer devices, iPads 5th generation and later, iPad mini 4 and later, or iPod touch 7th generation devices, you should patch them right away, especially since the flaws are being actively exploited.

Apple has been very busy patching zero-day vulnerabilities for the past few months. In January 2022, it fixed two such flaws, namely CVE-2022-22578 and CVE-2022-22594, which allowed execution of arbitrary code with kernel privileges. A month later, it patched another zero-day, which affected iPhones, iPads, and Macs, and allowed threat actors to crash the operating system and remotely execute code.

In March, it patched CVE-2022-22674 and CVE-2022-22675, two zero-days abused to execute code with kernel privileges.

Via: BleepingComputer