{"id":20148,"date":"2022-09-20T16:10:03","date_gmt":"2022-09-21T00:10:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/09\/20\/news-13881\/"},"modified":"2022-09-20T16:10:03","modified_gmt":"2022-09-21T00:10:03","slug":"news-13881","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/09\/20\/news-13881\/","title":{"rendered":"[updated] Important update! iPhones, Macs, and more vulnerable to zero-day bug"},"content":{"rendered":"<p>On Monday, Apple released a long list of patched vulnerabilities to its software, including&nbsp;a new zero-day flaw affecting Macs and iPhones. The company revealed it&#8217;s aware that threat actors may have been actively exploiting this vulnerability, which is tracked as&nbsp;<strong><a href=\"https:\/\/cve.report\/CVE-2022-32917\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-32917<\/a><\/strong>.<\/p>\n<p>As it&#8217;s a zero-day, nothing much is said about CVE-2022-32917, only that it may allow malformed applications to execute potentially malicious code with kernel privileges. Apple says it&#8217;s patched this flaw with improved bounds checks. Below is a list of products this bug affects:<\/p>\n<ul>\n<li>Macs running&nbsp;<a href=\"https:\/\/support.apple.com\/en-us\/HT213444\" target=\"_blank\" rel=\"noreferrer noopener\">macOS Monterey 12.6<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/support.apple.com\/en-us\/HT213443\" target=\"_blank\" rel=\"noreferrer noopener\">macOS Big Sur 11.7<\/a><\/li>\n<li>iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)<\/li>\n<\/ul>\n<p>CVE-2022-32917 is the eighth zero-day flaw that Apple has addressed since the beginning of 2022. The first seven are as follows:<\/p>\n<ul>\n<li><a rel=\"noreferrer noopener\" href=\"https:\/\/cve.report\/CVE-2022-32894\" target=\"_blank\">CVE-2022-32894<\/a>, a flaw in the iOS Kernel, was patched in August<\/li>\n<li><a rel=\"noreferrer noopener\" href=\"https:\/\/cve.report\/CVE-2022-32893\" target=\"_blank\">CVE-2022-32893<\/a>, a flaw in WebKit, was patched in August<\/li>\n<li><a href=\"https:\/\/cve.report\/CVE-2022-22674\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-22674<\/a>, an Intel Graphics Driver bug, was patched in March<\/li>\n<li><a href=\"https:\/\/cve.report\/CVE-2022-22675\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-22675<\/a>, a bug in AppleACD, was patched in March<\/li>\n<li><a href=\"https:\/\/cve.report\/CVE-2022-22620\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-22620<\/a>, a WebKit bug affecting iPhones, Macs, and iPads, was patched in February<\/li>\n<li><a href=\"https:\/\/cve.report\/CVE-2022-22587\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-22587<\/a>, a privileged code execution flaw, was patched in January<\/li>\n<li><a href=\"https:\/\/cve.report\/CVE-2022-22594\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-22594<\/a>, a web browser activity tracking flaw, was patched in January<\/li>\n<\/ul>\n<h2>Mitigation<\/h2>\n<p>Since we received a lot of questions about what actions are needed, we&#8217;re adding this section for your convenience.<\/p>\n<p>The necessary updates for these vulnerabilities were included in:<\/p>\n<ul>\n<li>the <a href=\"https:\/\/support.apple.com\/en-us\/HT213443\" target=\"_blank\">September 12 update for macOS Big Sur 11.7<\/a>.<\/li>\n<li>the <a href=\"https:\/\/support.apple.com\/en-us\/HT213444\" target=\"_blank\">September 12 update for&nbsp;macOS Monterey 12.6<\/a>.<\/li>\n<li>the <a href=\"https:\/\/support.apple.com\/en-us\/HT213445\" target=\"_blank\">September 12 update for&nbsp;iOS 15.7 and iPadOS 15.7<\/a>.&nbsp;&nbsp;<\/li>\n<\/ul>\n<p>These should all have reached you in your regular update routines, but it doesn&#8217;t hurt to check if your device is at the <a href=\"https:\/\/support.apple.com\/en-us\/HT201222\" target=\"_blank\">latest update level<\/a>.&nbsp;<\/p>\n<p><a href=\"https:\/\/support.apple.com\/en-us\/HT204204\" target=\"_blank\">How to update your iPhone or iPad.<\/a><\/p>\n<p><a href=\"https:\/\/support.apple.com\/en-us\/HT201541\" target=\"_blank\">How to update macOS on Mac<\/a>.<\/p>\n<p>If you fear your Mac has been infected, try out&nbsp;<a href=\"https:\/\/malwarebytes.com\/mac\" target=\"_blank\" rel=\"noopener\">Malwarebytes for Mac<\/a>. Or&nbsp;<a href=\"https:\/\/support.malwarebytes.com\/hc\/en-us\/categories\/360002468273-Malwarebytes-for-iOS\">Malwarebytes for iOS<\/a>&nbsp;for your Apple devices.<\/p>\n<p>As this latest vulnerability is already being exploited, it&#8217;s really important that you update your devices as soon as you can. Stay safe!<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/update-now-apple-devices-are-exposed-to-a-new-zero-day-flaw\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding='10'>\n<tr>\n<td valign='top' align='left'>\n<p>Categories: <a href='https:\/\/www.malwarebytes.com\/blog\/category\/apple' rel='category tag'>Apple<\/a><\/p>\n<p>Categories: <a href='https:\/\/www.malwarebytes.com\/blog\/category\/exploits-and-vulnerabilities' rel='category tag'>Exploits and vulnerabilities<\/a><\/p>\n<p>Categories: <a href='https:\/\/www.malwarebytes.com\/blog\/category\/news' rel='category tag'>News<\/a><\/p>\n<p>Tags: CVE-2022-22594<\/p>\n<p>Tags:  CVE-2022-32917<\/p>\n<p>Apple has patched an actively-exploited flaw that affects a host of devices and software, including iPhones, Macs, iPads, and iPod touch.<\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/update-now-apple-devices-are-exposed-to-a-new-zero-day-flaw' title='[updated] Important update! iPhones, Macs, and more vulnerable to zero-day bug'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel='nofollow' href='https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/update-now-apple-devices-are-exposed-to-a-new-zero-day-flaw'>[updated] Important update! iPhones, Macs, and more vulnerable to zero-day bug<\/a> appeared first on <a rel='nofollow' href='https:\/\/www.malwarebytes.com'>Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[2211,27555,27556,22783,32],"class_list":["post-20148","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apple","tag-cve-2022-22594","tag-cve-2022-32917","tag-exploits-and-vulnerabilities","tag-news"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20148","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20148"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20148\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20148"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}