Skip to content

Apple fixes 0-day exploited since January alongwith iOS 16 update

  • by
  • 2 min read

Apple has released security updates addressing another zero-day, the eighth one this year, that has been exploited to attack iPhones and Macs since the beginning of the year. The vulnerability tracked as CVE-2022-32917 allowed maliciously made apps to run arbitrary code with kernel privileges. 

The flaw was reported to Apple by an anonymous researcher and has been fixed in  iOS 15.7 and iPadOS 15.7macOS Monterey 12.6, and macOS Big Sur 11.7 which introduces improved bounds checks. Additionally, the next big iPhone update, iOS 16 is also available starting September 12.

While Apple has confirmed that it knows about the vulnerability currently being exploited in the wild, the company hasn’t revealed any details about the attack vector or how it is actually being exploited. This is usually done to allow most customers to update their devices before additional threat actors can develop their own exploits to target unsuspecting users. 

iOS 16 is also available starting September 12 for iPhone 8 and later. | Source: Apple

The impacted devices include the following.

  • iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation
  • and Macs running macOS Big Sur 11.7 and macOS Monterey 12.6

Patches for another zero-day vulnerability tracked as CVE-2022-32894 were also released for Macs running macOS Big Sur 11.7 after the bug was previously fixed on iOS in an August 31 update. 

The zero-day fixed in the latest update is likely to be used in highly targeted attacks meaning while it won’t impact a majority of Apple users, it’s still recommended that users update to the latest iOS, iPadOS and macOS versions to fend off any potential attacks. 

iPhone’s next big update iOS 16 is also available starting September 12 for iPhone 8 and later. The update was announced at WWDC earlier this year and brings major improvements to the lock screen, iMessage, Photos, Maps and improved privacy features.

In the News: Shikitega Linux malware uses multi-stage deployment to avoid detection

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here:

Exit mobile version