Two Critical Vulnerabilities Patched by Apple
Apple releases security updates for iOS, iPad, and Mac platforms. Addresses two zero-day vulnerabilities that attackers have previously used to compromise devices. Latest update brings the total number of zero days patched by Apple to six since the beginning of the year. No information about these attacks has been made public.
2024-01-18
'%3e%3cpath%20d='M4%204L15.733%2020H20L8.267%204H4Z'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%2020L10.768%2013.232M13.228%2010.772L20%204'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_8149_16006'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M5.37214%2023.8745H0.396429V8.10162H5.37214V23.8745ZM2.88161%205.95006C1.29054%205.95006%200%204.65279%200%203.08658C1.13882e-08%202.33427%200.303597%201.61278%200.844003%201.08082C1.38441%200.548853%202.11736%200.25%202.88161%200.25C3.64586%200.25%204.3788%200.548853%204.91921%201.08082C5.45962%201.61278%205.76321%202.33427%205.76321%203.08658C5.76321%204.65279%204.47214%205.95006%202.88161%205.95006ZM23.9946%2023.8745H19.0296V16.1963C19.0296%2014.3665%2018.9921%2012.0198%2016.4427%2012.0198C13.8557%2012.0198%2013.4593%2014.0079%2013.4593%2016.0645V23.8745H8.48893V8.10162H13.2611V10.2532H13.3307C13.995%209.01393%2015.6177%207.70611%2018.0386%207.70611C23.0743%207.70611%2024%2010.9704%2024%2015.2102V23.8745H23.9946Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24588'%3e%3crect%20width='24'%20height='27'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M13.957%2014.75L14.668%2010.0848H10.2225V7.05745C10.2225%205.78115%2010.8435%204.53707%2012.8345%204.53707H14.8555V0.565174C14.8555%200.565174%2013.0215%200.25%2011.268%200.25C7.60703%200.25%205.21403%202.48441%205.21403%206.52931V10.0848H1.14453V14.75H5.21403V26.0278H10.2225V14.75H13.957Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24590'%3e%3crect%20width='16'%20height='25.7778'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Apple Patches Two Actively Exploited Zero-Day Vulnerabilities on iOS, iPadOS, and macOS
Apple's latest security updates for iOS, iPadOS, and macOS on Wednesday have tackled two critical zero-day vulnerabilities, CVE-2022-32893 and CVE-2022-32894. These vulnerabilities allowed attackers to execute arbitrary code on Apple devices, potentially granting them full control. Given that these vulnerabilities were actively exploited, it is essential for Apple device users to install the updates immediately to mitigate risks.
What Are Zero-Day Vulnerabilities, and Why Are They a Big Deal?
Zero-day vulnerabilities are security flaws that are unknown to the vendor and the public when attackers discover them, meaning there’s "zero" time for companies to prepare fixes. Once they’re identified, companies like Apple work quickly to develop patches before attackers have the chance to use them in more widespread attacks.
Apple’s proactive approach to patching these vulnerabilities reinforces its commitment to application security and user safety, and it’s crucial that users respond by installing these updates promptly.
Details of the Patched Zero-Day Vulnerabilities
CVE-2022-32893: WebKit Issue Leading to Arbitrary Code Execution
CVE-2022-32893 is a WebKit vulnerability that could allow attackers to execute arbitrary code on the target device by having it process specially crafted web content. WebKit is the underlying engine that powers Safari, and a compromise here can directly affect browser security and data integrity on Apple devices. By manipulating this vulnerability, attackers can run unauthorized code on a device, which can lead to device takeovers, data theft, or further malware installation.
Apple fixed this issue by improving boundary checks within the WebKit engine, enhancing application security on iOS, iPadOS, and macOS devices. This vulnerability highlights the importance of boundary specification in application design, which limits what content can interact with sensitive system areas.
CVE-2022-32894: Core OS Vulnerability Allowing Kernel Privilege Escalation
The CVE-2022-32894 vulnerability is a flaw in Apple’s OS kernel, allowing attackers to execute malicious code with high privileges. The kernel is the core part of the operating system, responsible for controlling hardware interactions and enforcing security protocols. This means that if an attacker gains kernel-level access, they could potentially control all aspects of the device, from network functions to sensitive data.
To mitigate this, Apple addressed the privilege escalation potential within the kernel by adding more rigorous verification and control measures. In doing so, Apple has closed off an attack vector that allowed malicious software to reach deeper levels of the device's operating system.
Why Regular Updates Are Crucial for Apple Users
With the patching of these two vulnerabilities, the total number of zero-day vulnerabilities patched by Apple this year has risen to six. The other four zero-days addressed in 2022 include:
- CVE-2022-22587: IOMobileFrameBuffer issue allowing attackers to escalate privileges.
- CVE-2022-22620: WebKit vulnerability that permitted arbitrary code execution.
- CVE-2022-22674: A graphic driver flaw affecting Intel graphics that could expose sensitive memory data.
- CVE-2022-22675: AppleAVD vulnerability that allowed unauthorized code execution.
This pattern of vulnerabilities highlights how frequently attackers exploit flaws before they are publicly known, reinforcing the need for regular, proactive updates.
How to Update Your Apple Devices
Updating Apple devices is simple and should be a priority for all users. Here’s how to do it:
- For iOS and iPadOS: Go to Settings > General > Software Update and tap Download and Install.
- For macOS: Go to System Preferences > Software Update and select Update Now.
Recommendations for IT and Security Teams
If you manage multiple Apple devices in a professional setting, here’s what you should prioritize:
- Deploy updates across all managed devices: Use your Mobile Device Management (MDM) tools to push updates to all iOS, iPadOS, and macOS devices immediately. This reduces the window of vulnerability and ensures compliance.
- Encourage security awareness training: Regularly train employees to recognize suspicious web content and phishing tactics, which are commonly used to exploit WebKit vulnerabilities. Keepnet Labs offers a Phishing Simulator to provide hands-on practice for recognizing these attacks.
- Use human risk management strategies: The Keepnet Human Risk Management Platform enables organizations to measure and mitigate risk across users, minimizing the chance of human errors that could lead to device compromise.
Staying Ahead of the Curve: Apple’s Commitment to Cybersecurity
Apple’s quick response to these vulnerabilities showcases its commitment to advanced application security and robust incident response. Zero-day vulnerabilities will continue to emerge, and organizations using Apple products should maintain up-to-date security training, threat awareness, and device management policies.
Final Takeaway
In a world where cyber threats evolve constantly, Apple’s ongoing security updates are crucial defenses against unknown, active threats. Make it a priority to install these updates on all Apple devices to protect your data and your network from exploitation.
Editor's Note: This blog was updated on November 14, 2024.
SHARE ON