Issued: Tuesday, 23 August, 2022 |
Last Revision: Tuesday, 23 August, 2022 |
Vendor: |
Product: |
Severity Level: |
Apple has released security updates for iPhones, iPads and Macs to fix two code execution vulnerabilities that could allow attackers to covertly take control of devices.
CVE-2022-32893 may lead to arbitrary code execution when maliciously crafted web content is processed. An attacker could exploit this vulnerability to gain access to a susceptible system by tricking a potential victim into visiting a specially designed malicious website.
CVE-2022-32894 could allow an application to run arbitrary code with kernel privileges.
The Apple products affected by these vulnerabilities are iPhone 6s and subsequent models, all iPad Pro models (including iPad Air 2 and later), iPad 5th generation and later models, iPad Mini 4 and later versions, and iPod touch models from the 7th generation. They also affect macOS Monterey, Apple's desktop operating system for Macs.
There is a high possibility of exploitation of these vulnerabilities.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-32893 | An out-of-bounds write issue in WebKit | n/a |
CVE-2022-32894 | An out-of-bounds write issue in the operating system kernel | n/a |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) |
CVE-2022-32893, CVE-2022-32894 | macOS Monterey versions prior to 12.5.1; iOS and iPadOS versions prior to 15.6.1 |
Table 2: Vulnerable versions
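The following added example (not part of the original advisory) shows one way to check a device inventory against the version thresholds in Table 2. The CSV layout, hostnames and function names are assumptions made for illustration, and the sample inventory is constructed.

```python
import csv
import io

# Fixed-version thresholds taken from Table 2 of this advisory.
FIXED = {"macos": (12, 5, 1), "ios": (15, 6, 1), "ipados": (15, 6, 1)}

def parse_version(text):
    """Turn '15.6' into (15, 6, 0); raise ValueError on anything malformed."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(text)
    return tuple(parts + [0] * (3 - len(parts)))

def classify(os_name, version):
    """Return 'vulnerable', 'patched', 'out-of-scope' or 'unknown'."""
    key = os_name.strip().lower()
    if key not in FIXED:
        return "out-of-scope"
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"  # missing or garbled version: needs manual follow-up
    # Table 2 lists only macOS Monterey (12.x); other macOS releases are
    # not covered by this advisory and are reported separately.
    if key == "macos" and v[0] != 12:
        return "out-of-scope"
    return "vulnerable" if v < FIXED[key] else "patched"

# Constructed sample inventory (hypothetical hostnames and column names).
SAMPLE_INVENTORY = """\
hostname,os,version
mac-finance-01,macOS,12.5
mac-dev-07,macOS,12.5.1
mac-lab-02,macOS,11.6.8
iphone-sales-03,iOS,15.6
ipad-kiosk-11,iPadOS,15.6.1
ipad-old-04,iPadOS,
win-hr-09,Windows,10.0.19044
"""

def audit(csv_text):
    """Map each hostname in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: classify(r["os"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:18} {status}")
```

Devices reported as `unknown` have no usable version string in the inventory and should be checked by hand rather than assumed patched.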
We encourage organizations and individual users to update the affected products with the vendor-provided updates (version 12.5 for macOS Monterey and version 15.6.1 for iOS and iPadOS).
Refer to "REFERENCES" to download the latest version of the software and for the steps to follow to apply the necessary update.
