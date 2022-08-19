Without prior notice, Apple has recently released software updates for iPhone, iPad and Mac to fix two security vulnerabilities. These ‘zero-day’ vulnerabilities were being actively exploited by cyber attackersputting at risk any user who had any of their devices.

Both vulnerabilities were found in WebKit, the web engine used in many iOS and macOS apps. As they have commented from the TechCrunch medium, the two exploits affected both iOS, iPadOS and macOS MontereyApple’s latest operating system for Mac.

A major security flaw that has already been patched

Tracked as CVE-2022-32893, this vulnerability exploited a bug in WebKit to access or process malicious web content, causing arbitrary code execution on the system. The other exploit, identified as CVE-2022-32894, took advantage of a security flaw in the kernel of the operating system to execute malicious code with all kinds of privileges, having full control of the device.

WebKit is used by Safari and other applications to access the web. In this sense, would allow attackers to execute arbitrary code when visiting infected web pages or created specifically for targeted attacks. It is believed that both vulnerabilities would be related, so attackers could take advantage of a combination of both to violate the entire security layer of the aforementioned Apple devices.

If you have any of the devices listed below, we highly recommend updating your device to iOS 15.6.1, or macOS Monterey 12.5.1:

Computers with macOS Monterey.

iPhone 6s and later.

iPad Pro (all models).

iPad Air 2 and later.

iPad 5th generation and later.

iPad mini 4 and later.

iPod touch 7th generation.

These vulnerabilities, known as ‘zero-day’, are a type of security flaws detected by cyber attackers, before the developers themselves. It is because of that the system should be updated as soon as possible to patch the security flaw.

These types of vulnerabilities present a risk to users, and can appear on any operating system. No system is insurmountable, and how quickly a ‘zero day’ is detected and patched is crucial so as not to put users at risk, in this case those of Apple.