Understanding and responding to Apple’s emergency security updates for macOS, iOS and iPadOS (August 2022)
In the past few days, Apple has released emergency security updates in response to two zero-day vulnerabilities that have been actively exploited by attackers targeting its macOS, iOS and iPadOS operating systems.
The CVEs in question are CVE-2022-32894 and CVE-2022-32893. Both are listed in the Common Vulnerabilities and Exposures (CVE) database, which makes it easier to share data across separate vulnerability capabilities (tools, databases, and services).
Kernel – CVE-2022-32894
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-32894: an anonymous researcher
WebKit – CVE-2022-32893
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
The fix for CVE-2022-32893 is now also available for Safari in macOS Big Sur and macOS Catalina.
What to do:
You should update your Mac, iPhone or iPad as soon as possible by following the instructions on the Apple Security Updates page.
The latest available operating system versions are:
- iOS 15.6.1
- iPadOS 15.6.
- macOS Monterey 12.5.1
datajar.mobi customers will see their devices being updated as per the remote update schedule. Any customers that require advice or support are welcome to contact our Support Desk via the dataJAR help centre.