Time to patch: Hackers are using a new vulnerability in iOS and macOS to potentially take over devices.
On Monday, Apple released a patch for the previously unknown vulnerability CVE-2022-32917, which the company warns “may have been actively exploited.”
As usual, Cupertino released few details about the flaw. But the company says the attack can affect the iOS and macOS kernel, the core part of the operating system.
By exploiting the vulnerability, a hacker might be able to execute rogue computer code on an iPhone or Mac with kernel privileges. This means the flaw could be used to alter a device, enabling an attacker to potentially install malicious code such as spyware. Apple adds it learned of the flaw from an anonymous security researcher.
In response, the company released patches for iOS 15 and iOS 16, which also launched on Monday. On iOS 15, the fix is designed to protect phone models going back to iPhone 6s. Apple also issued patches for macOS Monterey, macOS Big Sur, and iPad models going back to the iPad 5th generation.
Although Cupertino was mum on details, we wouldn’t be surprised if the hackers exploiting the flaw involved government-paid cyberespionage companies such as Israel’s NSO Group or Candiru. These companies specialize in finding previously unknown flaws in iOS and Android software to develop zero-day exploits that can sometimes take over a user device simply with a text message or phishing email. However, these attacks are most often used on high-value targets such as government officials, human rights activists, and journalists, as opposed to everyday consumers.
To update your
Read more on pcmag.com