Home > Cyber News > Apple Fixed Two Actively Exploited Zero-Days [CVE-2022-32893]

Apple Fixed Two Actively Exploited Zero-Days [CVE-2022-32893]

VibeProfile Mac Virus - How to Remove [Free Guide]

Two zero-days were fixed by Apple in the following operating systems – macOS, iOS and iPadOS. The zero-days, known as CVE-2022-32893 and CVE-2022-32894, have been exploited in the wild against exposed devices.

CVE-2022-32893 and CVE-2022-32894 in macOS, iOS and iPadOS

CVE-2022-32893 is an out-of-bounds flaw in WebKit allowing arbitrary code execution by processing specially crafted web content. CVE-2022-32894 is also an out-of-bands issue in Kernel that could be leveraged in arbitrary code execution attacks carried out with the highest privileges possible.

Both vulnerabilities were fixed with improved bounds checking. Technical details surrounding the vulnerabilities are scarce. In terms of how the flaws were exploited, it is most likely that they were used in highly targeted attacks.

In July, Apple fixed a total of 37 software vulnerabilities in its operating systems iOS, iPadOS, macOS, tvOS, and watchOS. The flaws affected different parts of the operating systems, and could be used for escalation of privilege, arbitrary code execution, information disclosure and denial-of-service attack scenarios.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree