Apple has released emergency security updates to fix vulnerabilities exploited by attackers in an effort to hack iPhones, iPads, or Macs. As such, we are issuing this advisory to call this to your attention and asking you to update your devices now.

IMPACT  

The two vulnerabilities (CVE-2022-32894 & CVE-2022-32893) are the same for all three Apple operating systems. The vulnerabilities give hackers the ability to take control of a device’s operating system to execute arbitrary code and potentially infiltrate devices through maliciously crafted web content.

DEVICES AFFECTED  

• Macs running macOS Monterey
• iPhone 6s and later
• iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).   

RECOMMENDATIONS

Apple has released macOS Monterey 12.5.1,  iOS 15.6.1/iPadOS 15.6.1 and Safari 15.6.1 for macOS Big Sur and Catalina to resolve two zero-day vulnerabilities. It is recommended to update your operating systems and browser now.

REFERENCES  

[1] https://support.apple.com/en-us/HT201222

[2] https://www.bleepingcomputer.com/news/security/apple-releases-safari-1561-to-fix-zero-day-bug-used-in-attacks/