Security On-Demand Received Top #21 Global Ranking in the 2022 MSP501 List. See the list here

Threat Advisory: Apple Zero-Day Vulnerabilities (CVE-2022-32894 and CVE-2022-32893)

Event Summary

Apple is urging macOS, iPhone and iPad users to install the released update as soon as possible. The update includes fixes for two zero-days vulnerabilities under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices. Apple has released security updates for iOS, iPadOS, and macOS Monterey to fix these vulnerabilities.

Detail

Product Affected Vulnerable Version CVE-CVSS Associated Risk / Details for vulnerability Recommendations
iOS & iPadOS <15.6.1*

iPhone 6s and later

for iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

 

CVE-2022-32893 High – Arbitrary code execution Update systems with latest security patches
MacOS <12.5.11*
MacOS Monterey
CVE-2022-32894 High – Arbitrary code execution

 

Update systems with latest security patches

 

*Versions prior to the latest version

SOD Actions

The Security On-Demand Threat Recon Unit will continue to monitor these events and provide relevant updates. Currently, we recommend applying vendor patches immediately. Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

Our Threat Recon Unit will also keep track of any exploitation tool or PoC (Proof of Concept) that could leverage the usage of those vulnerabilities to exploit systems actively. Information about new IoCs and IoAs will continue to be included proactively as part of the ThreatWatch service’s monitoring mechanism on every service tier.

Please contact your Security On-Demand Customer Success Manager if you have any questions about this alert.

Additional Resources

RECOMMENDED POSTS