Background
On August 19, 2022, Apple released emergency security updates to fix two zero-day vulnerabilities in their products, including iPhones, iPads, and Mac computers. These vulnerabilities are listed as CVE-2022-32893 and CVE-2022-32894.
Impact
The two vulnerabilities act the same on all three Apple operating systems: macOS, iPadOS, and iOS. An attacker could use malware to trigger a remote code execution exploit against the kernel of a vulnerable device to gain complete control over it. The kernel is a program that operates as the core component of an operating system and has the highest privileges.
Platforms Affected
The vulnerabilities impact Apple devices that run the following operating systems:
- Macs running macOS Monterey 12.5.0 or earlier
- iPhone 6s and later running iOS 15.6.0 and earlier
- iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) running iOS 15.6.0 and earlier
Local Observations
At this time, UISO has not experienced any local exploits on its network.
UISO Recommendations
Owners of Apple devices must update their devices as soon as possible to macOS 12.5.1 and iOS 15.6.1 to avoid exploits of these vulnerabilities.
For information on how to update your Apple device, please contact your local UITS support person or see Apple Support for guidance:
Workarounds
There are no known reliable workarounds at this time. Updating your operating system is the only known way to mitigate this vulnerability at this time.