Logo

Logo

Apple fixes new zero-day bug being actively exploited by hackers

According to Apple, the zero-day vulnerability, also known as CVE-2022-32917, enables malicious apps to run arbitrary code with kernel privileges on a compromised device.

Apple fixes new zero-day bug being actively exploited by hackers

[File Photo]

Apple has patched several recent flaws in iOS and macOS, including a zero-day bug that hackers were actively using.

According to Apple, the zero-day vulnerability, also known as CVE-2022-32917, enables malicious apps to run arbitrary code with kernel privileges on a compromised device.

Advertisement

In releases for iOS 15.7, iPadOS 15.7, macOS Monterey 12.6 and macOS Big Sur 11.7, Apple resolved the bug.

Advertisement

Apple expressed its concern that this weakness “may have been aggressively exploited” in a statement.

This is Apple’s sixth patch for a zero-day vulnerability this year, according to TechCrunch.

In addition to these fixes, Apple also released a fix for a Safari browser flaw that could lead to address bar spoofing.

The security fixes were released along with iOS 16, which brings several security and privacy features, including support for Apple Passkeys and Lockdown Mode.

“Keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security,” said the company.

After a software update is installed for iOS, iPadOS, tvOS, and watchOS, it cannot be downgraded to the previous version.

Apple fixed two security flaws last month by releasing fresh software upgrades for iPhones, iPads, and Macs to address the tech giant’s knowledge that criminals were actively utilising them.

The WebKit browser engine, which runs Safari and other apps, and the kernel, which is effectively the operating system’s brain, were both determined to be vulnerable.

The tech giant had said the WebKit bug could be exploited if a vulnerable device accessed or processed “maliciously crafted web content (that) may lead to arbitrary code execution”.

(inputs from IANS)

Advertisement