Apple fixes eighth zero-day used to hack iPhones and Macs this year

Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year.

In security advisories issued on Monday, Apple revealed they’re aware of reports saying this security flaw “may have been actively exploited.”

The bug (tracked as CVE-2022-32917) may allow maliciously crafted applications to execute arbitrary code with kernel privileges.

Reported to Apple by an anonymous researcher, it was addressed in iOS 15.7 and iPadOS 15.7macOS Monterey 12.6, and macOS Big Sur 11.7 with improved bounds checks.

The complete list of impacted devices includes:

  • iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation
  • and Macs running macOS Big Sur 11.7 and macOS Monterey 12.6

Apple also backported patches for another zero-day (CVE-2022-32894) to Macs running macOS Big Sur 11.7 after releasing additional security updates on August 31 to address the same bug on iOS versions running on older iPhones and iPads.

Patch your iPhones and Macs to block attacks

Although Apple disclosed active exploitation of this vulnerability in the wild, the company is yet to release any information regarding these attacks.

By refusing to release this info, Apple likely wants to allow as many customers as possible to patch their devices before other attackers develop their own exploits and start deploying them in attacks targeting vulnerable iPhones and Macs.

While this zero-day was most likely only used in highly-targeted attacks, installing these security updates as soon as possible is still strongly advised to block attack attempts.

This is the eighth zero-day fixed by Apple since the start of the year: