Apple releases fixes for zero-day vulnerabilities used in attacks

On 18th August 2022, Apple Inc. released Safari 15.6.1 for macOS Big Sur and Catalina, a security update that fixes a zero-day vulnerability exploited to hack Macs.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” said Apple in the released security update.

The zero-day vulnerability, tracked as CVE-2022-32893, is an out-of-bounds write issue in WebKit that could allow a threat actor to execute code remotely on a vulnerable device.

On 17th August 2022, Apple also fixed another zero-day vulnerability (tracked as CVE-2022-32894), an out-of-bounds write issue that was addressed with improved bounds checking in iOS 15.6.1, iPadOS 15.6.1 and macOS Monterey 12.5.1. With this vulnerability, an application may be able to execute arbitrary code with kernel privileges.

Apple confirmed that threat actors are actively exploiting this vulnerability in the wild, but has not disclosed any details about the vulnerability or about how threat actors could exploit it.

The updates are provided for the following:

iOS 15.6.1, iPadOS 15.6.1, macOS Monterey 12.5.1, iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Recommendations

It’s recommended to apply the provided security patches and updates as soon as possible to mitigate potential risks.

Source:

https://support.apple.com/en-us/HT201222

https://www.bleepingcomputer.com/news/security/apple-releases-safari-1561-to-fix-zero-day-bug-used-in-attacks/