Apple releases security patches for all devices that fix dozens of new vulnerabilities

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting the platforms.

This includes at least 37 bugs that span various components in iOS and macOS, ranging from privilege escalation and arbitrary code execution to information disclosure and denial-of-service (DoS).

Chief among these is CVE-2022-2294, a memory corruption flaw in the WebRTC component that Google disclosed earlier this month as being exploited in real-world attacks targeting Chrome browser users. However, there is no evidence of in-the-wild zero-day exploitation of the flaw targeting iOS, macOS, and Safari.

In addition to CVE-2022-2294, the updates also address several arbitrary code execution flaws affecting Apple Neural Engine (CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), Audio (CVE-2022-32820), GPU drivers (CVE-2022-32821), ImageIO (CVE-2022-32802), IOMobileFrameBuffer (CVE-2022-26768), kernel (CVE-2022-32813 and CVE-2022-32815), and WebKit (CVE-2022-32792).

There is also a patch for a Pointer Authentication bypass affecting the kernel (CVE-2022-32844), a DoS bug in the ImageIO component (CVE-2022-32785), and two privilege escalation bugs in AppleMobileFileIntegrity and File System Events (CVE-2022-32819 and CVE-2022-32826).

In addition, the latest version of macOS fixes five vulnerabilities in the SMB module that could potentially be exploited by a malicious app to gain elevated privileges, leak sensitive information, and execute arbitrary code with kernel privileges.

Apple device users are advised to update to iOS 15.6, iPadOS 15.6, macOS (Monterey 12.5, Big Sur 11.6.8, and 2022-005 Catalina), tvOS 15.6, and watchOS 8.7 to get the latest security fixes.