Article 62M7X New macOS 12.5.1 and iOS 15.6.1 updates patch “actively exploited” vulnerabilities

New macOS 12.5.1 and iOS 15.6.1 updates patch “actively exploited” vulnerabilities

by
Andrew Cunningham
from Ars Technica - All content on (#62M7X)
Apple_MontereyGraphic-CROPPED-800x424.jp

Enlarge (credit: Apple)

Apple has released a trio of operating system updates to patch security vulnerabilities that it says "may have been actively exploited." The macOS 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 updates are available for download now and should be installed as soon as possible.

The three updates all fix the same pair of bugs. One, labeled CVE-2022-32894, is a kernel vulnerability that can allow apps "to execute arbitrary code with kernel privileges. The other, CVE-2022-32893, is a WebKit bug that allows for arbitrary code execution via "maliciously crafted web content." Both discoveries are attributed to an anonymous security researcher. WebKit is used in the Safari browser as well as in apps like Mail that use Apple's WebViews to render and display content.

Apple didn't release equivalent security patches for macOS Catalina or Big Sur, two older versions of macOS that are still receiving regular security updates. We've contacted Apple to see whether it plans to release these patches for these older OSes, or if they aren't affected by the bugs and don't need to be patched.

Read 1 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments