red alarm

[updated] Important update! iPhones, Macs, and more vulnerable to zero-day bug

On Monday, Apple released a long list of patched vulnerabilities to its software, including a new zero-day flaw affecting Macs and iPhones. The company revealed it’s aware that threat actors may have been actively exploiting this vulnerability, which is tracked as CVE-2022-32917.

As it’s a zero-day, nothing much is said about CVE-2022-32917, only that it may allow malformed applications to execute potentially malicious code with kernel privileges. Apple says it’s patched this flaw with improved bounds checks. Below is a list of products this bug affects:

  • Macs running macOS Monterey 12.6 and macOS Big Sur 11.7
  • iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

CVE-2022-32917 is the eighth zero-day flaw that Apple has addressed since the beginning of 2022. The first seven are as follows:

Mitigation

Since we received a lot of questions about what actions are needed, we’re adding this section for your convenience.

The necessary updates for these vulnerabilities were included in:

These should all have reached you in your regular update routines, but it doesn’t hurt to check if your device is at the latest update level

How to update your iPhone or iPad.

How to update macOS on Mac.

If you fear your Mac has been infected, try out Malwarebytes for Mac. Or Malwarebytes for iOS for your Apple devices.

As this latest vulnerability is already being exploited, it’s really important that you update your devices as soon as you can. Stay safe!

ABOUT THE AUTHOR