
New Apple Zero-day vulnerabilities actively exploited

Reference: 
Advisory #2022-21
Version: 
1.0
Affected software: 
macOS versions prior to 12.5.1
iOS versions prior to 15.6.1
iPadOS versions prior to 15.6.1
Type: 
Remote Code Execution (RCE)
CVE/CVSS: 

CVE-2022-32894
CVE-2022-32893

Sources

https://support.apple.com/en-us/HT201222

https://support.apple.com/en-us/HT213412

Risks

Apple released a security update for macOS, iOS, and iPadOS devices addressing two zero-day vulnerabilities that are currently being exploited in the wild. These vulnerabilities could allow an attacker to execute arbitrary code on a victim's system.

Description

CVE-2022-32894 could allow an application to execute arbitrary code with kernel privileges. This could result in a complete compromise of the system, because the kernel is the core part of the system and runs with very high privileges.

CVE-2022-32893 is a vulnerability in WebKit that enables maliciously crafted web content to execute arbitrary code on a system. An attacker could infect a victim by sending them a link to this malicious web content; the infection takes place if the victim clicks on that link.

Recommended actions

The Centre for Cyber Security Belgium recommends that administrators check whether they have any of the Apple devices listed above. If so, the CCB strongly recommends making sure that the latest updates are installed as soon as possible.
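
One way to run this check across a device inventory, as an added example that is not part of the CCB advisory: the CSV layout, hostnames and function names are assumptions, and the thresholds are the fixed versions listed under "Affected software".

```python
import csv
import io

# Fixed versions as stated in this advisory.
FIXED = {"macos": (12, 5, 1), "ios": (15, 6, 1), "ipados": (15, 6, 1)}

# Constructed sample inventory (hypothetical MDM export, not real data).
SAMPLE_INVENTORY = """hostname,platform,os_version
mac-finance-01,macOS,12.5
mac-dev-07,macOS,12.5.1
iphone-sales-03,iOS,15.6
ipad-kiosk-02,iPadOS,15.6.1
iphone-exec-01,iOS,16.0
mac-lab-09,macOS,unknown
"""

def parse_version(text):
    """Turn '15.6' into (15, 6, 0); return None if not a 1-3 part numeric version."""
    parts = text.strip().split(".")
    if len(parts) > 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    # Pad so that '12.5' compares as 12.5.0, i.e. older than 12.5.1.
    return tuple(nums + [0] * (3 - len(nums)))

def classify(platform, os_version):
    """Return 'update', 'ok' or 'review' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(os_version)
    if fixed is None or version is None:
        return "review"  # platform not in the advisory, or version unreadable
    return "update" if version < fixed else "ok"

def triage(inventory_csv):
    """Map each hostname to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["platform"], r["os_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:18} {status}")
```

Rows marked `review` have a missing or unparseable version and need a manual check rather than being counted as patched.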

References

https://www.bleepingcomputer.com/news/security/apple-security-updates-fix-2-zero-days-used-to-hack-iphones-macs/