top of page

Security advisory: Vulnerabilities in Apple products - action required

Vulnerabilities in Apple products could enable arbitrary code execution - you are advised to update devices immediately.

Multiple vulnerabilities have been discovered in Apple macOS, iOS & iPadOS, the most severe of which could make it possible for a hacker to execute code on a device as if they were a logged on admin user.

Critical security vulnerabilities - CVE-2022-32893 & CVE-2022-32894 - have been reported in iOS, iPadOS and macOS. These vulnerabilities allow drive-by compromise of the operating system through normal browsing activity. This means a malicious actor could to gain control of the operating system and depending on the context of the account associated with the user, an attacker could do the following: install programs; view, change, or delete data; or create new accounts with full user rights.


It is believed these vulnerabilities are being actively exploited.


Protect yourself:

  • Install updates on affected devices (see below) as a matter of urgency before the exploit becomes widely available

  • On macOS apply the principle of least privilege by utilising a non-privilege user account for day to day activities

Affected Products:

iOS 15.6.0 and earlier

iPadOS 15.6.0 and earlier

macOS monteray 12.5.1 and earlier


Overall Risk Assessment: Critical

CVE details: CVE-2022-32893, CVE-2022-32894

Current Exploitability: High

Current Distribution: Low

Risk Type:

C&C: Low

DoS: Low

Loss/Theft: High

Threat Assessment:

Attack Vector: Network

Attack Complexity: Unknown

Privileges: None

User Interaction: Unknown


Detection potential: Low

Mitigation potential: High

remediation potential: High

Response Effort Required: Low










Comments


bottom of page