Apple just released patches to fix two flaws in iOS and macOS that hackers have been exploiting to attack users.
The company released patches for both operating systems with iOS/iPadOS version 15.6.1 and macOS Monterey 12.5.1. The release notes warn that Apple is aware that someone may be exploiting both vulnerabilities for malicious purposes.
The first flaw, dubbed CVE-2022-32893, affects WebKit, the browser engine used in Safari and all other iOS browsers, including Google’s Chrome. In the wrong hands, the vulnerability can be used to craft malicious web content capable of triggering remote code execution on the software. This means a hacker could exploit the flaw to cause an iPhone or Mac to visit a malicious website or download a bad app.
The second flaw, dubbed CVE-2022-32894, involves the kernel, the core part of the iOS and macOS operating systems. By exploiting this vulnerability, a hacker can execute code on the device with “kernel privileges,” allowing them to run programs or commands an attacker normally wouldn't be able to execute.
According to Apple, the two flaws affect Mac devices on macOS Monterey, iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Apple didn’t provide any other details. But we wouldn’t be surprised if the hackers were chaining the two flaws together to target users, perhaps through a phishing attack involving direct messages to victims. An anonymous researcher uncovered both vulnerabilities.
There’s also a good chance elite hackers, including government-paid cyberespionage companies such as Israel’s NSO Group, have been
Read more on pcmag.com