Vulnerabilities in Apple products could enable arbitrary code execution - you are advised to update devices immediately.
Multiple vulnerabilities have been discovered in Apple macOS, iOS & iPadOS, the most severe of which could make it possible for a hacker to execute code on a device as if they were a logged on admin user.
Critical security vulnerabilities - CVE-2022-32893 & CVE-2022-32894 - have been reported in iOS, iPadOS and macOS. These vulnerabilities allow drive-by compromise of the operating system through normal browsing activity. This means a malicious actor could to gain control of the operating system and depending on the context of the account associated with the user, an attacker could do the following: install programs; view, change, or delete data; or create new accounts with full user rights.
It is believed these vulnerabilities are being actively exploited.
Protect yourself:
Install updates on affected devices (see below) as a matter of urgency before the exploit becomes widely available
On macOS apply the principle of least privilege by utilising a non-privilege user account for day to day activities
Affected Products:
iOS 15.6.0 and earlier
iPadOS 15.6.0 and earlier
macOS monteray 12.5.1 and earlier
Overall Risk Assessment: Critical
CVE details: CVE-2022-32893, CVE-2022-32894
Current Exploitability: High
Current Distribution: Low
Risk Type:
C&C: Low
DoS: Low
Loss/Theft: High
Threat Assessment:
Attack Vector: Network
Attack Complexity: Unknown
Privileges: None
User Interaction: Unknown
Detection potential: Low
Mitigation potential: High
remediation potential: High
Response Effort Required: Low
Comments