Apple patches major security flaw — update your iPhone and Mac now

By Anthony Spadafora
published

Few details at the moment as Apple is giving users time to update their devices

A person holding a blue iPhone 13 in both hands
(Image credit: Shutterstock)

iPhone and Mac users will want to download and install the latest security updates from Apple as the company has patched a zero-day vulnerability that has been exploited in attacks since the beginning of this year.

As reported by BleepingComputer, the iPhone maker released a set of security advisories revealing that the company is aware of reports that this new security flaw “may have been actively exploited’ by hackers.

The zero-day vulnerability, tracked as CVE-2022-32917 and discovered by an anonymous researcher, could allow malicious apps to execute arbitrary code with kernel privileges. Fortunately, Apple has addressed this security flaw with the release of iOS 15.7, iPadOS 15.7, macOS Monterey 12.6 and macOS Big Sur 11.7 through improved bound checks.

If you have an iPhone 6S or later, any model of iPad Pro, iPad Air 2 or later, iPad 5th generation or later, iPad mini 4 or later or an iPod touch (7th gen), you’ll want to ensure you’re running the latest software from Apple. To do so, check out our guide on how to update an iPhone and for all other devices, this support document from Apple should have you covered.

Busy patching zero-days

In addition to this latest zero-day, Apple has also backported patches for another zero-day (tracked as CVE-2022-32894) to Macs running macOS Big Sur 11.7. Security updates were released back in August to patch the issue on older iPhones and iPads.

In fact, Apple has been quite busy patching zero-day vulnerabilities this year with seven others fixed so far. 

At the beginning of the year in January, the company patched two zero-days that enabled code execution with kernel privileges and web browsing activity tracking. Then in February, Apple released fixes for another WebKit zero-day being used in attacks against iPhones, iPads and Macs. In March, the company patched a zero-day in the Intel Graphics Driver and AppleAVD. Finally, in August, Apple patched two zero-day flaws in the iOS Kernel and WebKit.

Updating to iOS 16 will keep you protected 

iOS 16

(Image credit: Shutterstock)

If you’re concerned about your iPhone being attacked by exploits using this recently patched zero-day vulnerability, then your best bet is to update to iOS 16. Thankfully, we have a guide on how to download iOS 16 ready to go, so you can ensure your iPhone is running the latest software from Apple.

Anthony Spadafora
Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.