Apple releases macOS 12.5.1 and iOS 15.6.1 for “actively exploited” vulnerabilities

Psychedelic illustration of two hills.

Enlarge (credit: Apple)

Apple has released a trio of operating system updates to patch security vulnerabilities that it says "may have been actively exploited." The macOS 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 updates are available for download now and should be installed as soon as possible.

The three updates all fix the same pair of bugs. One, labeled CVE-2022-32894, is a kernel vulnerability that can allow apps "to execute arbitrary code with kernel privileges. The other, CVE-2022-32893, is a WebKit bug that allows for arbitrary code execution via "maliciously crafted web content." Both discoveries are attributed to an anonymous security researcher. WebKit is used in the Safari browser as well as in apps like Mail that use Apple's WebViews to render and display content.

Apple didn't release equivalent security patches for macOS Catalina or Big Sur, two older versions of macOS that are still receiving regular security updates. We've contacted Apple to see whether it plans to release these patches for these older OSes, or if they aren't affected by the bugs and don't need to be patched.

Read 1 remaining paragraphs | Comments



Psychedelic illustration of two hills.

Enlarge (credit: Apple)

Apple has released a trio of operating system updates to patch security vulnerabilities that it says "may have been actively exploited." The macOS 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 updates are available for download now and should be installed as soon as possible.

The three updates all fix the same pair of bugs. One, labeled CVE-2022-32894, is a kernel vulnerability that can allow apps "to execute arbitrary code with kernel privileges. The other, CVE-2022-32893, is a WebKit bug that allows for arbitrary code execution via "maliciously crafted web content." Both discoveries are attributed to an anonymous security researcher. WebKit is used in the Safari browser as well as in apps like Mail that use Apple's WebViews to render and display content.

Apple didn't release equivalent security patches for macOS Catalina or Big Sur, two older versions of macOS that are still receiving regular security updates. We've contacted Apple to see whether it plans to release these patches for these older OSes, or if they aren't affected by the bugs and don't need to be patched.

Read 1 remaining paragraphs | Comments


August 18, 2022 at 12:46AM

Post a Comment

Previous Post Next Post