Apple Patches Two Exploited Vulnerabilities

Apple fixed two vulnerabilities that, according to Apple, are already being exploited. The WebKit vulnerability could be used by a malicious website to execute arbitrary code, while the kernel issue can then be used to escalate privileges. No additional details are known at this point.

 

| Vulnerability | macOS Monterey | iOS/iPadOS |
|---|---|---|
| CVE-2022-32894 [important] Kernel: An out-of-bounds write issue was addressed with improved bounds checking. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | x | x |
| WebKit Bugzilla [critical] WebKit: An out-of-bounds write issue was addressed with improved bounds checking. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | x | x |

 

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu
ISC Handler
Aug 17th 2022
