Coming Soon...

Q-CERT website is currently under maintenance. We should be back shortly. Thank you for yor patience.

Exploited Zero Day vulnerability in Apple iOS & macOS

Issued: 
Monday, 19 September, 2022
Last Revision: 
Monday, 19 September, 2022
Vendor: 
Apple
Product: 
Multiple products
Severity Level: 
High
Summary: 

A zero-day vulnerability has been identified in Apple iOS/iPadOS and in macOS which are exploited in the wild.

 

The vulnerability allows attacker to execute arbitrary code with kernel privileges. This could be used to alter devices and enabling an attacker to potentially install code such as spyware.

 

CVE/Vulnerability

Description 

Severity

CVE-2022-32917

 

Kernel – Arbitrary Code Execution 

Critical

 

 

Table 1: Vulnerability details 

 

 

 

CVE/Vulnerability

Affected Product(s)

CVE-2022-32917

 

Prior to iOS 15.7

Prior to iPadOS 15.7

macOS Big Sur 11.7

macOS Monterey 12.6

 

                                                                                       Table 2: Vulnerable versions                                  

 

 

Recommendation: 

Apple recommends to update the versions of affects products.

 

References: 
Apple security updates
CVE-2022-32917: Actively Exploited Zero-Day in macOS and iOS