Updates for iOS 15.6.1 and macOS 12.5.1 fix “actively exploited” flaws.
WebKit and kernel flaws allow arbitrary code execution on Apple devices.
Apple has released three operating system updates to fix security flaws that the company claims “may have been actively exploited.” The macOS 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 updates are now available for download and installation.
All three releases fix the same pair of issues. One is a kernel flaw, identified as CVE-2022-32894, that enables programs to “run arbitrary code with kernel privileges.” The second vulnerability, CVE-2022-32893, affects WebKit and permits arbitrary code execution through “maliciously constructed online content.” The credit for both findings goes to an unnamed security researcher. WebKit is used by the Safari browser and by other programs, such as Mail, that rely on Apple’s WebViews to render and display content.
Apple didn’t issue corresponding security patches for macOS Catalina and Big Sur, two older versions of macOS that continue to get monthly security updates. We reached out to Apple to ask whether it intends to make these patches available for the earlier operating systems or whether they weren’t affected by the issues and didn’t require a patch.
Apple’s software release notes for the updates list no other fixes or improvements. Apple is currently working on iOS 16, iPadOS 16, and macOS Ventura, which will launch later this fall.