Apple has pushed out security updates to iOS, iPadOS and macOS patching a vulnerability that “may have been actively exploited.”
CVE-2022-32894 (macOS 12.5.1, iOS/iPadOS 15.6.1) is the issue across all three platforms, and it’s a weakness where “maliciously crafted web content may lead to arbitrary code execution.” In other words, it’s a vulnerability in the OS’ kernel and WebKit, which allows malicious code to be executed on unpatched devices.
Which devices? Quite a lot as it turns out. Every Apple smartphone from 2015’s iPhone 6s onwards, the iPod touch 7th generation, all Macs running macOS Monterey and pretty much all recent iPads. This is to say every iPad Pro and recent iPad Airs (2 and later), regular iPads (fifth generation onwards) and iPad mini (4 and later).
While the most vulnerable to this kind of weakness are high-profile hacking targets — think politicians and celebrities — everyone should update their devices as soon as possible. This is especially true given Apple’s warning that the vulnerability may have already been used on victims.
On iPhone and iPad, hit the Settings app, and then tap ‘General’, followed by ‘Software Update.’ If you’re patching a Mac, click on ‘System Preferences’ and then ‘Software Update.’
As The Verge notes, you may be getting a sense of deja vu reading this, as there have been no fewer than 13 updates to iOS 15 since it was released 11 months ago, and nine of those have blocked different flavors of code execution vulnerabilities. Five of these include the dreaded words “Apple is aware of a report that this issue may have been actively exploited.”
Apple used to make its devices’ security a key selling point, boasting that Macs don’t get viruses, unlike Windows systems. But as Apple has grown bigger and bigger, and with nearly two billion devices activated, the company now has just as big a target on it for hackers as Microsoft did in the 90s and 2000s. In short, this is unlikely to be the last time you need to update your Apple devices urgently…
