Apple releases a new patch to fix CVE-2022-32917.
Apple recently released a new patch that fixes another zero-day vulnerability, tracked as CVE-2022-32917.
Apple stated that they had received reports regarding this vulnerability being actively exploited in the wild. Apple encourages its users to install the update.
The company notes to its users that keeping their device's software up to date is one of the most important things they can do to maintain the security of their Apple products.
Apple Releases Patch for CVE-2022-32917
Apple released updated software for each affected branch of devices.
Because of the zero-day vulnerability tracked as CVE-2022-32917, Apple products may be susceptible to attacks in which a maliciously written program executes arbitrary code with kernel privileges.
The problem was solved by implementing more thorough bounds checks. Apple was notified by an unknown researcher about the CVE-2022-32917 vulnerability.
Fixes for this issue were included in the following updated software: iOS 15.7 and iPadOS 15.7, macOS Big Sur 11.7, macOS Monterey 12.6, iOS 16, watchOS 9 and tvOS 16, and Safari 16.
Apple strongly suggests that owners of impacted devices download the patch as soon as they can. The devices affected are:
iPhone 6s and later
All iPad Pro models
iPad Air 2 and later
iPad 5th generation and later
iPad mini 4 and later
iPod touch (7th generation)
Macs running macOS Big Sur 11.7
Macs running macOS Monterey 12.6
Apple reminds its users that once they have installed the update for tvOS, watchOS, iPadOS, and iOS, the software update cannot be rolled back to its earlier version, and this applies to all Apple operating systems.
Although it is extremely likely that this zero-day vulnerability was only exploited in highly targeted hacks, it is strongly recommended that these security upgrades be installed in order to prevent any attempted malicious activity.
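To check a device inventory against the fixed releases listed above, a short script can compare each installed version with the fix for its own major branch. This is an added example, not Apple's tooling: the inventory rows and status labels are constructed, and treating releases newer than any listed branch as patched is an assumption.

```python
# Fixed releases per product, as listed in the article (one entry per major branch).
FIXED = {
    "iOS": ["15.7", "16"],
    "iPadOS": ["15.7"],
    "macOS": ["11.7", "12.6"],  # Big Sur, Monterey
    "watchOS": ["9"],
    "tvOS": ["16"],
    "Safari": ["16"],
}

def parse_version(text):
    """'15.6.1' -> (15, 6, 1); pads to three parts so '16' compares equal to '16.0.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(product, version):
    """Classify one installed version against the article's fixed releases."""
    if product not in FIXED:
        return "unknown-product"
    installed = parse_version(version)
    fixes = [parse_version(f) for f in FIXED[product]]
    for fix in fixes:
        if fix[0] == installed[0]:  # compare only within the same major branch
            return "patched" if installed >= fix else "update-required"
    if installed[0] > max(f[0] for f in fixes):
        return "patched"  # assumption: later major releases carry the fix
    return "no-fix-listed"  # the article names no fixed release for this branch

def audit(inventory):
    """Return {host: status} for every device that is not confirmed patched."""
    results = {host: patch_status(product, version) for host, product, version in inventory}
    return {host: status for host, status in results.items() if status != "patched"}

# Constructed sample inventory: (hostname, product, installed version).
SAMPLE_INVENTORY = [
    ("iphone-01", "iOS", "15.6.1"),
    ("iphone-02", "iOS", "16"),
    ("ipad-01", "iPadOS", "15.7"),
    ("mac-01", "macOS", "11.6.8"),
    ("mac-02", "macOS", "12.6"),
    ("mac-03", "macOS", "10.15.7"),
    ("watch-01", "watchOS", "8.7"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as no-fix-listed run a branch for which the article names no fixed release, so they need a manual check against Apple's security notes.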
Apple's Zero-Day Vulnerability Attacks
Apple has not yet published notes for the patches it released for tvOS 16 and watchOS 9. Apple might want to give its users more time to install the latest patch on their devices before disclosing any information regarding the vulnerability.
According to BleepingComputer, CVE-2022-32917 is the eighth zero-day vulnerability Apple has fixed since the beginning of this year.
Apple released patches for two additional exploited zero-days in January, one of which, tracked as CVE-2022-22587, enabled code execution with kernel privileges.
In the same month, it also patched CVE-2022-22594, putting a stop to the tracking of web browsing activity that the bug made possible.
Apple issued security updates in February to address yet another WebKit zero-day bug that was being exploited in attacks against iPhones, iPads, and Mac computers.
In March, Apple also released patches for two zero-day vulnerabilities: CVE-2022-22674 in the Intel Graphics Driver and CVE-2022-22675, which affected AppleAVD.
Last month, the company released fixes for two zero-day vulnerabilities, CVE-2022-32894 and CVE-2022-32893.
As iTechPost reported, the vulnerability tracked as CVE-2022-32893 allows arbitrary code execution when maliciously crafted web content is processed. The underlying out-of-bounds write was fixed by improving the bounds checking.