Apple has released another security update for macOS Monterey, macOS Big Sur, iOS, and iPadOS in response to another zero-day vulnerability that could lead to arbitrary code execution with Kernel privileges. This would allow a malicious actor to install new programs, view, change, or delete sensitive data, or even create new accounts with full user rights, further compromising the network.
Apple says they are aware of a report that this may have been actively exploited. This is the second Kernel-related zero-day vulnerability that Apple has had to address in less than a month and the eighth zero-day flaw they have fixed since the start of the year.
The vulnerability tracked as CVE-2022-32917 could allow maliciously crafted applications to execute arbitrary code with Kernel privileges. Since this is the highest level of privilege in the operating system, this would boil down to a complete device takeover. The vulnerability may already have been actively exploited. Apple is still holding off on releasing any further information. This is done to avoid giving attackers more information to develop their own exploits before users have had the time to update their devices.
Update Vulnerable devices
Apple has released the security updates macOS Monterey 12.6, macOS Big Sur 11.7, iOS 15.7, iOS 16, and iPadOS 15.7. Any older versions will need to be updated, to protect them from the vulnerability described above. You can find detailed instructions on how to install the updates on Apple's Security Updates page. Users are urged to apply the updates as soon as possible on any of the following devices:
- macOS Monterey
- macOS Big Sur
- iPhone 6s and later
- All models of iPad Pro
- iPad Air 2 and later
- iPad 5th generation and later
- iPad mini 4 and later
- iPod touch (7th generation)
- iPhone 8 and later
This update marks the eighth zero-day vulnerability that Apple has fixed since the beginning of this year. It is highly advisable to regularly update your Apple devices so that you always have the latest security fixes in place.
Discover Vulnerable Apple Devices
Based on the information shared by Apple, we have created a special Lansweeper report that lists all macOS, iOS, and iPadOS devices that are vulnerable to the vulnerability CVE-2022-32917. This way you have an actionable list of assets that still need to be updated.