Apple released two security reports about newly discovered flaws in its devices that could give complete access to cyber criminals. iPhones, iPads, and several Mac devices have been detected with vulnerabilities. However, not all iPod models are said to be affected by this vulnerability. The flaw could lead to data theft and financial loss, among other risks.
Emergency update by Apple
To secure devices, Apple has released ‘emergency updates’ for vulnerable devices. The company has asked users to update their devices to avert any possible security threats. A list of threats and vulnerable devices was made to inform users about the flaw in Apple. Several iPhone models like iPhone 6s, iPad Pro, iPad Air 2, and Mac models were mentioned on the list.
The flaw in Apple devices
To assist users in understanding the defect in their device, Apple released a report with details of the update, the impact and the description, along with the Common Vulnerabilities and Exposure (CVE). Below are the details of the flaw as mentioned in the report:
Kernel
- Available for: macOS Monterey
- Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2022-32894: an anonymous researcher
WebKit
- Available for: macOS Monterey
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- WebKit Bugzilla: 243557
CVE-2022-32893: an anonymous researcher
Apple users urged to follow the latest guidelines and updates
The company has maintained that they are aware of the flaw adding that the possibility of devices being actively exploited cannot be ruled out. Vulnerabilities in macOS Monterey, iOS and iPadOS, and Safari have led to concern among users, especially those handling critical information about the security of their data and identity.
The Cybersecurity and Infrastructure Security Agency (CISA) have asked users to be updated about the changes and to keep their devices safe by reviewing and following the guidelines mentioned in Apple’s security updates.
