Flash Notice: UPDATE - Apple Releases Security for Zero-Day Vulnerabilities Exploited by Attackers

Update (9/2/2022)

This week, Apple released more updates for the actively exploited zero-day CVE-2022-32893 – an out of bounds write issue that allows attackers to execute arbitrary code with kernel privileges, ultimately taking over an entire system.

The update, iOS 12.5.6, impacts the following:

• iPhone 5S
• iPhone 6
• iPhone 6 Plus
• iPad Air
• iPad Mini 2
• iPad Mini 3
• iPod Touch (6^th generation)

The patches are for older devices running older versions of iOS, indicating that Apple may have come across some high-profile or high-risk users of older devices who were compromised. Earlier in August 2022, Apple patched a kernel vulnerability tracked as CVE-2022-32894. Apple stated in their advisory that iOS 12 is not impacted by CVE-2022-32894 but it is vulnerable to CVE-2022-32893.

All users impacted by CVE-2022-32893 and CVE-2022-32894 should implement the security updates as soon as possible. For guidance on how to update your device, please visit Apple’s Support page.

Overview 

Apple released security updates for vulnerabilities found in iOS, iPadOS, MacOS Big Sur, and macOS Monterey. CVE-2022-32894 and CVE-2022-32893 are zero-day flaws that contain code execution vulnerabilities being exploited by attackers in the wild. There are few details surrounding the vulnerabilities or how they were leveraged, but the flaws are believed to be exploited for targeted attacks.  

CVE-2022-32894 is an out-of-bounds write issue that allows attackers to execute arbitrary code with kernel privileges, ultimately taking over an entire system. CVE-2022-32893 is a WebKit flaw that allows attackers to execute arbitrary code through maliciously crafted web content. WebKit is a browser engine that powers Safari and other iOS web browsers. The bug can be triggered by processing maliciously crafted web content, which can then lead to arbitrary code execution.  

Apple released  updates to patch both vulnerabilities:  

• iOS 15.6.1 
• iPadOS 15.6.1 
• macOS 12.5.1 
• Safari 15.6.1 for macOS Big Sur and Catalina 
• Other macOS versions will receive updates at a later date  

All users impacted by CVE-2022-32983 and CVE-2022-32984 should implement the security updates as soon as possible.  

How Avertium is Protecting Our Customers:

• Avertium recommends utilizing our service for DFIR (Digital Forensics and Incident Response) to help you rapidly assess, contain, eradicate, and recover from a security incident. 

• Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. 
  
• Avertium offers Zero Trust Architecture, like AppGate, to stop malware lateral movement.  

Avertium's recommendations

Please patch your device as soon as possible. You can find guidance on security updates at the links below:  

• iOS 15.6.1 
• iPadOS 15.6.1 
• macOS 12.5.1 
• Safari 15.6.1 for macOS Big Sur and Catalina 

 INDICATOR'S OF COMPROMISE (IOCS):

Supporting documentation

Apple fixes exploited zero-days: Update your devices! (CVE-2022-32894, CVE-2022-32893) - Help Net Security 

About the security content of Safari 15.6.1 - Apple Support 

New macOS 12.5.1 and iOS 15.6.1 updates patch “actively exploited” vulnerabilities [Updated] | Ars Technica 

Apple patches double zero-day in browser and kernel – update now! – Naked Security (sophos.com) 

Apple Quietly Releases Another Patch for Zero-Day RCE Bug (darkreading.com)

About the security content of iOS 12.5.6 - Apple Support

Related Reading: Zeppelin Ransomware Targets Healthcare

Contact us for more information about Avertium’s managed security service capabilities.