Apple recently released a software update for iOS and iPadOS 15.6.1 to fix a zero-day kernel vulnerability identified as CVE-2022-32917. This critical vulnerability in Apple devices allows code execution with kernel privileges. Lookout explains how.
Apple is aware of a report mentioning active exploitation of the vulnerability in the wild. This vulnerability could allow a maliciously crafted application to execute arbitrary code with kernel privileges. This CVE could affect Apple iPhone, iPad, and iPod Touch models, meaning anyone using one of these devices should update their device immediately by going to Settings, General, and then Software Update. Apple fixed this vulnerability in both iOS 15.7 and iOS 16.
Already the 8th vulnerability in 2022
This is the eighth zero-day vulnerability that Apple has fixed at the operating system level this year. The iOS 15.7 update also covers 10 other vulnerabilities of varying severity, including two webkit vulnerabilities that can also be exploited remotely via a crafted website, and the three kernel vulnerabilities ranging from granting privileged access to exposing the kernel memory is enough.
Vulnerability allows device control
Together, these CVEs could grant control of the device to a remote user using techniques such as Exploitation for Privilege Escalation (T1404) and Drive-by Compromise (T1456) found in the MITER Mobile ATT&CK matrix. In light of reports of the CVE-2022-32917 kernel vulnerability being actively exploited in the wild, Lookout strongly suggests that administrators establish policies that encourage their users to update their Apple devices to at least version 15.7 . CVE-2022-32917 was reported under CISA guidelines, making it mandatory for all government agencies to follow the security update vendor guidelines.
More at Lookout.com
About Lookout Lookout co-founders John Hering, Kevin Mahaffey, and James Burgess came together in 2007 with the goal of protecting people from the security and privacy risks posed by an increasingly connected world. Even before smartphones were in everyone's pocket, they realized that mobility would have a profound impact on the way we work and live.