Apple’s new updates | Apple released software upgrades for iOS, iPadOS, macOS, tvOS, and watchOS on Wednesday to address various security problems impacting its systems.
Apple’s new updates | This update covers at least 37 weaknesses in various components of iOS and macOS, ranging from privilege escalation to arbitrary code execution and information disclosure to denial-of-service attacks (DoS).
CVE-2022-2294 is a memory corruption problem in the WebRTC component that Google announced earlier this month as having been exploited in real-world attacks against Chrome browser users. However, there is no indication of in-the-wild zero-day exploitation of the iOS, macOS, and Safari vulnerabilities.
In addition to CVE-2022-2294, the updates address several arbitrary code execution flaws affecting Apple Neural Engine (CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), Audio (CVE-2022-32820), GPU Drivers (CVE-2022-32821), ImageIO (CVE-2022-32802), IOMobileFrameBuffer (CVE-2022-26768), Kernel (CVE-2022-328 (CVE-2022-32792).
A Pointer Authentication bypass impacting the Kernel (CVE-2022-32844) has also been addressed, as has a DoS hole in the ImageIO component (CVE-2022-32785), and two privilege escalation problems in AppleMobileFileIntegrity and File System Events (CVE-2022-32819 and CVE-2022-32826)
Furthermore, the current version of macOS addresses five security flaws in the SMB module that malicious software might exploit to obtain elevated rights, expose sensitive data, and execute arbitrary code with kernel capabilities.
To acquire the most recent security measures, users of Apple devices should update to iOS 15.6, iPadOS 15.6, macOS Monterey 12.5 (Big Sur 11.6.8 or 2022-005 Catalina for earlier generation Macs), tvOS 15.6, and watchOS 8.7.
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.