Apple releases security updates for iPhone and Mac, fixing flaws that may have already been exploited for hacking

On August 17, 2022, local time, Apple released security updates for macOS, iOS, and iPadOS that fix two "zero-day vulnerabilities that may have been exploited by attackers".

Apple security updates - Apple Support

Apple security updates fix 2 zero-days used to hack iPhones, Macs

New macOS 12.5.1 and iOS 15.6.1 updates patch “actively exploited” vulnerabilities | Ars Technica

A zero-day vulnerability is a security flaw discovered by an attacker or researcher before the software vendor has noticed or patched it. It is harmless when researchers discover such flaws and perform proof-of-concept attacks, but there have been reports of attackers exploiting zero-day vulnerabilities that they discovered.

Apple has released an emergency security update to fix two zero-day vulnerabilities. Three versions were released: 'macOS Monterey 12.5.1' for Mac, 'iOS 15.6.1' for iPhone, and 'iPadOS 15.6.1' for iPad, all of which fix the same vulnerabilities. The two zero-day vulnerabilities were reported by anonymous researchers, and Apple said they 'may have been exploited by attackers.'

Of the two fixed zero-day vulnerabilities, 'CVE-2022-32894' is a vulnerability in the kernel, the core of the OS, that allows applications to execute arbitrary code with kernel privileges. Since kernel privilege is the highest level of privilege, exploiting this vulnerability could effectively give an attacker control of the device.

The other, 'CVE-2022-32893', is a vulnerability in the HTML rendering engine WebKit, and it appears to carry a risk of remote arbitrary code execution when a malicious website is accessed.

To install the latest software update on your iPhone, tap Settings > Software Update Available.

Check the version of the update and tap 'Download and Install'.

Google also released a security update for the desktop version of Chrome on August 16th, local time. The version is '104.0.5112.101' for Mac and Linux, and '104.0.5112.102/101' for Windows.

Chrome Releases: Stable Channel Update for Desktop

Google, Apple squash exploitable browser bugs • The Register

This security update contains fixes for 11 vulnerabilities, among which 'CVE-2022-2856', a vulnerability related to input validation, has already been confirmed to be exploited. Researchers who discovered these vulnerabilities have been paid bounties of at least $29,000 (about 3.9 million yen) through the Chrome Vulnerability Bounty Program.

Chrome security updates are scheduled to be rolled out in a few days to a few weeks.
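As an added example (not from the article, Apple, or Google), the fixed versions named above can be turned into a patch-status check over a device inventory. The host names and inventory rows are constructed, and Apple releases outside the macOS 12 and iOS/iPadOS 15 branches that the article names are reported as unknown rather than guessed.

```python
import re

# First fixed versions as named in the article.
FIXED = {
    "macOS": (12, 5, 1),
    "iOS": (15, 6, 1),
    "iPadOS": (15, 6, 1),
    "Chrome": (104, 0, 5112, 101),
}

# Constructed sample inventory: (hypothetical host, product, reported version).
INVENTORY = [
    ("mac-01", "macOS", "12.5"),
    ("mac-02", "macOS", "12.5.1"),
    ("mac-03", "macOS", "11.6.8"),
    ("phone-01", "iOS", "15.6"),
    ("pad-01", "iPadOS", "15.6.1"),
    ("win-01", "Chrome", "104.0.5112.81"),
    ("lin-01", "Chrome", "104.0.5112.101"),
]

def parse_version(text):
    """Turn '15.6' into (15, 6); return None for anything non-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def status(product, version):
    """Classify one row as 'patched', 'vulnerable' or 'unknown'."""
    fixed, have = FIXED.get(product), parse_version(version)
    if fixed is None or have is None:
        return "unknown"
    # Assumption: the article names fixes only for the macOS 12 and iOS/iPadOS 15
    # branches, so other Apple major releases are left for manual review.
    if product != "Chrome" and have[0] != fixed[0]:
        return "unknown"
    # Pad to equal length so that 15.6 compares as 15.6.0.
    width = max(len(have), len(fixed))
    have += (0,) * (width - len(have))
    fixed += (0,) * (width - len(fixed))
    return "patched" if have >= fixed else "vulnerable"

def triage(inventory):
    """Group host names by patch status."""
    groups = {"patched": [], "vulnerable": [], "unknown": []}
    for host, product, version in inventory:
        groups[status(product, version)].append(host)
    return groups
```

Hosts in the `unknown` group need a manual check against the vendor advisory, since the article does not state a fixed version for them.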

in Software, Web Service, Hardware, Security. Posted by log1h_ik