Home > Cyber News > CVE-2022-32917: Actively Exploited Zero-Day in macOS and iOS
CYBER NEWS

CVE-2022-32917: Actively Exploited Zero-Day in macOS and iOS

by   |  Last Update:  |  0 Comments  

CVE-2022-32917-apple-zero-day-sensorstechforum

This week Apple released an emergency update to address a new zero-day vulnerability that affects macOS and iOS.

CVE-2022-32917 Zero-Day: Overview

Reports indicate that the zero-day has already been exploited in the wild. Tracked as CVE-2022-32917 and reported anonymously, the flaw could allow malicious applications to perform arbitrary code execution attacks with kernel privileges.




The list of affected Apple devices includes iPhone 6 and later, all models of iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, 7th generation of iPod touch, and macOS Big Sur 11.7 and macOS Monterey 12.6. Apple has confirmed the exploitation of CVE-2022-32917. The flaw was addressed with improved bounds checks, the company said.

It is also notable that Apple backported the patch for CVE-2022-32894, which is another zero-day, in macOS Big Sur 11.7 following the release of additional security updates on August 31 to fix the same issue in older iPhones and iPads.

What Is Backporting?

Backporting occurs when a software patch or update is taken from a recent software version and applied to an older version of the same software. Backporting is common in legacy applications or older versions still supported by the developer.

All affected users should upgrade their Apple devices against the vulnerabilities as soon as possible. Even though the zero-days were most likely used in highly-targeted attacks, the risk of leaving your devices exposed to attacks is real.

In August, the company fixed two other zero-days in macOS, iOS and iPadOS. The zero-days, known as CVE-2022-32893 and CVE-2022-32894 (the patch for which was just backported), have been exploited in the wild against exposed devices. Both issues were fixed with improved bounds checking.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  2. Apple Hasn’t Patched Actively Exploited Zero-Days in macOS Catalina, Big Sur Apple recently released two emergency patches to fix two actively...
  3. CVE-2022-42827: iOS Zero-Day Exploited in the Wild Apple recently released updates to fix a zero-day, known as...
  4. iOS CVE-2021-30807 Zero-Day Exploited in the Wild, Patch Now A zero-day vulnerability in iOS, iPadOS, and macOS was just...
  5. Patch Your iOS Device against CVE-2021-30761, CVE-2021-30762 To the attention of Apple users – the company recently...
  6. November 2022 Patch Tuesday Fixes 6 Exploited Zero-Days (CVE-2022-41128) November 2022 Patch Tuesday: What Has Been Fixed? November 2022...
  7. July 2021 Patch Tuesday: Actively Exploited CVE-2021-34448 Fixed Microsoft Windows July 2021 Patch Tuesday just rolled out, patching...
  8. Apple Fixed Two Actively Exploited Zero-Days [CVE-2022-32893] Two zero-days were fixed by Apple in the following operating...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree