• Skip to Content
  • Skip to Main Navigation
  • Skip to Search

Indiana University Indiana University IU

Open Search
  • Personal Preparedness
    • Email & phishing scams
    • Identity verification
    • IU passphrases
    • Hardware & software security
      • Laptop & mobile device security
      • Malware, scareware, & ransomware
      • Wearable technologies
      • Use of survey software
    • File sharing & copyright
      • Contesting copyright infringement notices
      • Disabling peer-to-peer file sharing
      • Copyright tutorial
      • Copyright infringement incident resolution
    • Vulnerability Disclosure Guidance
    • Keeping data safe
    • Web privacy
    • Account privileges
    • Remote Desktop
  • Information & IT Policies
    • Policy Hierarchy
    • Privacy policies & FAQ
    • Acceptable Use Agreement
    • Information & IT Policy Process
    • Cyber Risk Review
    • IT-12 Security Standards
  • Information Security & Privacy Program
    • Scope
    • Goals & Objectives
    • Governance
    • Principles
    • Safeguards
      • Risk assessment and treatment
      • Policy administration
      • Organization
      • Asset management
      • Human resources
      • Physical & environmental security
      • Communications & operations management
      • Identity & access control
      • Information systems acquisition, development, and maintenance
      • Incident management
      • Business continuity management
      • Compliance
    • Charter
  • Privacy Portal
    • Privacy matters
    • Sensitive data
      • Guidelines
    • Sharing institutional data with third parties
  • Resources for IT Staff
    • Information Risk Assessments
    • SecureMyResearch
    • Cloud computing
    • Audits & requirements
    • Data encryption
    • Back up data
    • Information security best practices
    • CIS Secure Suite
    • Disaster recovery planning
    • Managing employee data
    • Medical device security
    • Transferring data securely
    • Using SSH
    • Additional resources
      • Privacy Notice Generator
      • Incident Response Webservice
      • SSL/TLS certificates
  • About
    • Glossary of Terms
    • Trustees Resolution
  • Contact
  • Report an Incident
    • Report Privacy Incident or Request Assistance
    • Emergency IT Incidents
    • Managing Incidents
    • Identity Theft
    • Reporting Suspected Sensitive Data Exposures
    • Reporting Suspected HIPAA Data Exposures

Information Security & Policy

  • Home
  • Personal Preparedness
    • Email & phishing scams
    • Identity verification
    • IU passphrases
    • Hardware & software security
    • File sharing & copyright
    • Vulnerability Disclosure Guidance
    • Keeping data safe
    • Web privacy
    • Account privileges
    • Remote Desktop
  • Information & IT Policies
    • Policy Hierarchy
    • Privacy policies & FAQ
    • Acceptable Use Agreement
    • Information & IT Policy Process
    • Cyber Risk Review
    • IT-12 Security Standards
  • Information Security & Privacy Program
    • Scope
    • Goals & Objectives
    • Governance
    • Principles
    • Safeguards
    • Charter
  • Privacy Portal
    • Privacy matters
    • Sensitive data
    • Sharing institutional data with third parties
  • Resources for IT Staff
    • Information Risk Assessments
    • SecureMyResearch
    • Cloud computing
    • Audits & requirements
    • Data encryption
    • Back up data
    • Information security best practices
    • CIS Secure Suite
    • Disaster recovery planning
    • Managing employee data
    • Medical device security
    • Transferring data securely
    • Using SSH
    • Additional resources
  • Search
  • About
  • Contact
  • Report an Incident
  • Home
  • Security Bulletins
  • Apple security updates to fix critical vulnerability

Apple security updates to fix critical vulnerability

Friday, August 19, 2022

Background

On August 19, 2022, Apple released emergency security updates to fix two zero-day vulnerabilities in their products, including iPhones, iPads, and Mac computers.  These vulnerabilities are listed as CVE-2022-32893 and CVE-2022-32894.

Impact

The two vulnerabilities act the same on all three Apple operating systems: macOS, iPadOS, and iOS.  An attacker could use malware to trigger a remote code execution exploit against the kernel of a vulnerable device to gain complete control over it.  The kernel is a program that operates as the core component of an operating system and has the highest privileges.

Platforms Affected

The vulnerabilities impact Apple devices that run the following operating systems:

  • Macs running macOS Monterey 12.5.0 or earlier
  • iPhone 6s and later running iOS 15.6.0 and earlier
  • iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) running iOS 15.6.0 and earlier

Local Observations

At this time, UISO has not experienced any local exploits on its network.

UISO Recommendations

Owners of Apple devices must update their devices as soon as possible to macOS 12.5.1 and iOS 15.6.1 to avoid exploits of these vulnerabilities.

For information on how to update your Apple device, please contact your local UITS support person or see Apple Support for guidance:

Apple Support: Update macOS on Mac

Apple Support: Update your iPhone, iPad, or iPod touch

Workarounds

There are no known reliable workarounds at this time.  Updating your operating system is the only known way to mitigate this vulnerability at this time.

Further Reading

About the security content of iOS 15.6.1 and iPadOS 15.6.1

About the security content of macOS Monterey 12.5.1

 

Information Security & Policy resources

  • Leading in Cybersecurity
  • IU Data Management

Indiana University

Accessibility | College Scorecard | Open to All | Privacy Notice | Copyright © 2025 The Trustees of Indiana University