Description:
Apple has released iOS 15.7, iOS 16 and iPadOS 15.7 to fix vulnerabilities in various Apple devices. Details of the vulnerabilities can be found at:
- https://support.apple.com/en-us/HT213445
- https://support.apple.com/en-us/HT213446
Reports indicate that the vulnerability (CVE-2022-32917) is being actively exploited in the wild. You are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- iPhone 6s and later
- iPad 5th generation and later, Air 2 and later, mini 4 and later, Pro (all models)
- iPod touch (7th generation)
Impact:
A successful exploitation could lead to arbitrary code execution, information disclosure, privilege escalation, security restriction bypass or spoofing on an affected device.
Recommendation:
Apple has released new versions of iOS and iPadOS to address the issue.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
More Information:
- https://support.apple.com/en-us/HT213445
- https://support.apple.com/en-us/HT213446
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32854
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32864
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32868
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32872
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32883
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32886
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32908
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32911 (to CVE-2022-32912)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32917