Apple has released emergency security updates to address two zero-day vulnerabilities used to hack into iPhones, iPads, and Macs. According to Apple, there has been active exploitation of these vulnerabilities in the wild.
The first vulnerability, tracked as CVE-2022-32894, is an out-of-bounds write vulnerability that exists in the kernel of macOS. Since the kernel runs with the highest privileges on an operating system, threat actors that exploit this vulnerability would be able to execute code on the system at this level, effectively taking complete control over it. The second vulnerability, tracked as CVE-2022-32893, is also an out-of-bounds write vulnerability, but in the WebKit application. WebKit is the web browser engine used by Safari and other applications that can access the web. This vulnerability would allow threat actors to execute code on the device and can likely be exploited remotely by visiting a maliciously crafted website.
The following devices are affected by these vulnerabilities:
- Macs running macOS Monterey
- iPhones 6s and later
- iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Apple has released fixes for macOS Monterey in version 12.5.1 and iOS and iPadOS in version 15.6.1.
While the active exploitation of these vulnerabilities likely occurred in highly targeted attacks, it will not be long before exploitation becomes more widespread. Due to this, it is recommended to update all affected Apple devices to their respective fixed versions as soon as possible. This includes not only work devices used in an organization, but any personal devices as well since this vulnerability affects all modern iPhone devices. It is also recommended to implement and maintain regular patching cycles for all devices, especially end user ones, across an organization. This not only makes it easier to push out hypercritical patches en masse, but also ensures devices are regularly patched and kept up to date. Finally, it is recommended to maintain appropriate preventative and detective controls, such as an EDR, on all systems within an organization. This can potentially help prevent vulnerabilities from being exploited or provide critical detective capabilities to spot post-exploitation activity occurring on a device, alerting the organization to a potential compromise. Binary Defense’s Managed Detection and Response (MDR), SOC, and Threat Hunting services can assist with a defense in depth strategy with a post-exploitation component.