Apple has released security updates to address multiple vulnerabilities in macOS Big Sur and macOS Monterey. The vulnerability that Apple said is being exploited in the wild is CVE-2022-32894.
This is an out-of-bounds write flaw that could allow an attacker to execute an arbitrary code with kernel privileges. The vulnerability was reported by an anonymous researcher. The flaw is present both in iOS and macOS.
macOS Big Sur elevates the desktop operating system to a new level of power and beauty.
macOS Monterey is the successor of macOS Big Sur. It is the eighteenth and current major release of macOS, Apple’s desktop operating system for Macintosh computers.
This is the seventh zero-day fixed by Apple this year. The zero-days fixed by Apple this year are as follows:
- CVE-2022-22587 (IOMobileFrameBuffer)
- CVE-2022-22594 (WebKit Storage)
- CVE-2022-22620 (WebKit)
- CVE-2022-22674 (Intel Graphics Driver)
- CVE-2022-22675 (AppleAVD)
- CVE-2022-32893 (WebKit)
Affected versions
- Apple macOS Big Sur versions prior to 11.7
- Apple macOS Monterey versions prior to 12.6
Mitigation
Apple has released macOS Big Sur version 11.7 and macOS Monterey version 12.6 to address this vulnerability.
For more information, please visit the security advisories for macOS Big Sur (HT213443) and macOS Monterey (HT213444).
Qualys Detection
Qualys customers can scan their devices with QID 376980 and 376981 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://support.apple.com/en-us/HT213443
https://support.apple.com/en-us/HT213444