Home > Cyber News > CVE-2022-32917: Actively Exploited Zero-Day in macOS and iOS

CVE-2022-32917: Actively Exploited Zero-Day in macOS and iOS


This week Apple released an emergency update to address a new zero-day vulnerability that affects macOS and iOS.

CVE-2022-32917 Zero-Day: Overview

Reports indicate that the zero-day has already been exploited in the wild. Tracked as CVE-2022-32917 and reported anonymously, the flaw could allow malicious applications to perform arbitrary code execution attacks with kernel privileges.

The list of affected Apple devices includes iPhone 6 and later, all models of iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, 7th generation of iPod touch, and macOS Big Sur 11.7 and macOS Monterey 12.6. Apple has confirmed the exploitation of CVE-2022-32917. The flaw was addressed with improved bounds checks, the company said.

It is also notable that Apple backported the patch for CVE-2022-32894, which is another zero-day, in macOS Big Sur 11.7 following the release of additional security updates on August 31 to fix the same issue in older iPhones and iPads.

What Is Backporting?

Backporting occurs when a software patch or update is taken from a recent software version and applied to an older version of the same software. Backporting is common in legacy applications or older versions still supported by the developer.

All affected users should upgrade their Apple devices against the vulnerabilities as soon as possible. Even though the zero-days were most likely used in highly-targeted attacks, the risk of leaving your devices exposed to attacks is real.

In August, the company fixed two other zero-days in macOS, iOS and iPadOS. The zero-days, known as CVE-2022-32893 and CVE-2022-32894 (the patch for which was just backported), have been exploited in the wild against exposed devices. Both issues were fixed with improved bounds checking.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree