Hackers Exploiting New Zero-Days in iOS and macOS. Patch Now!

Bitdefender Family Pack 2018

Apple is rolling out fixes for multiple security flaws said to be actively exploited by threat actors. The rollout coincides with the launch of iOS 16, the newest version of the iPhone operating system.

A total of seven security updates are now available for Apple customers, not just for Mac and iPhone users but also for Apple TV and Apple Watch owners, as well as for fans of Apple’s Safari browser.

Security fixes across the board

tvOS 16 and watchOS 9 are now available for fans of Apple’s snazzy media player and wearables. The security side, though, remains a mystery, with Apple promising “details available soon.”

Safari 16 is now available with several new features as well as four security enhancements. Four vulnerabilities are addressed, including three in the browser’s WebKit rendering engine and one in the Extensions module. While none are labeled critical or actively exploited, Safari users should still upgrade to the new version for peace of mind.

More noteworthy, a critical Kernel flaw is addressed in both macOS and iOS. An attacker could exploit the vulnerability, tracked as CVE-2022-32917, to “execute arbitrary code with kernel privileges.”

“Apple is aware of a report that this issue may have been actively exploited,” warns the Cupertino tech giant.

The company understandably holds back the technicalities to give users a chance to update before more opportunistic hackers try to exploit this zero-day vulnerability.

This particular flaw is addressed on the desktop side in macOS Big Sur 11.7, macOS Monterey 12.6, and on the mobile front with iOS 15.7 and iPadOS 15.7.

Two zero-days patched in Big Sur

It’s important to note that macOS Big Sur, the previous-generation Mac operating system used by the vast majority of Mac owners worldwide, suffers from a second zero-day flaw that’s also said to be actively exploited in the wild.

Tracked as CVE-2022-32894, the flaw is virtually identical to the one above, in that an attacker can exploit it to “execute arbitrary code with kernel privileges.”

“Apple is aware of a report that this issue may have been actively exploited,” the company again warns, making it clear that Big Sur users should immediately install the update.

Upgrade to iOS 16

As for iOS 16, the all-new iPhone OS includes its own new security and privacy fixes, as well as the aforementioned patches included in older iOS versions.

If you own an iPhone and/or a Mac, give these patches priority. While rare, attacks exploiting zero-days in Apple products can have grave consequences.

A recent Bitdefender article on obsolete iDevices warned that security fixes have become vital in recent years, as spyware threats increasingly find their way onto vulnerable iPhones.

Apple customers should consider migrating to the newest iOS version eligible for their device, or upgrade their hardware altogether, to receive official security support from Cupertino, California.