Apple has patched five security fixes including two vulnerabilities in its iPhones, iPads and Mac operating systems that are already being exploited.
First of the bunch, tracked as CVE-2022-32917 can be used to allow malicious applications to execute arbitrary code with kernel privileges. The flaw got fixed with improved bounds checks and has released patches for iPhone 6 and later, iPad Pro (all models), iPad Air 2 and later, and iPad 5, iPad mini 4, and iPod touch (7th gen) models and all newer kit.
It also patched macOS Monterey 12.6 and macOS Big Sur 11.7 versions that could be exploited with the same CVE, all Mac users are advised to patch it.
Apple also released patches for another bug tracked as CVE-2022-32894 that may have been actively exploited in computers running macOS Big Sur 11.7.
This comes less than a month after it pushed a security update for this same vulnerability in older iPhones and iPads running iOS. It’s likely that miscreants also exploited this bug, Apple said at the time.
This bug allows applications to execute arbitrary code with kernel privileges, is caused by an out-of-bounds write flaw. The vendor said it fixed the bug with improved bounds checking.
The vendor released five security updates that include 16 CVEs across its Safari 16 web browser running macOS Big Sur and macOS Monterey, iOS 16 in iPhone 8 and later, macOS Monterey 12.6, macOS Big Sur 11.7 and iOS 15.7 and iPadOS 15.7 across most models of its iPhone and iPad products as well as seventh-generation iPad touch devices.