
Target Industry

Indiscriminate and opportunistic targeting.

Severity level: High

Overview

Apple has published a new advisory warning of two zero-day vulnerabilities that are being actively exploited in the wild.

The exploited vulnerabilities are tracked under the following CVEs:

CVE-2022-32893: An out-of-bounds issue in WebKit that could lead to the execution of arbitrary code when specially crafted web content is processed.

CVE-2022-32894: An out-of-bounds issue in the operating system's kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges.

Impact

Chained together, these vulnerabilities would allow a malicious threat actor to execute code with kernel-level privileges on unpatched Apple devices, granting them full access to the information stored on the device. Additionally, CVE-2022-32894 gives attackers the ability to create fake yet seemingly innocent web pages that are laden with malware. These sites can imitate commonly used sites, thereby deceiving victims into visiting the site and becoming exposed to the malware.

Vulnerability Detection

iOS prior to 15.6.1

iPadOS prior to 15.6

macOS prior to 12.5.1

Affected Products

iPhone 6s and later, iPad Air 2 and later, iPad 5th generation and later, and iPad mini 4 and later. Additionally, this vulnerability affects users running macOS Monterey, macOS Big Sur and macOS Catalina.

Containment, Mitigations & Remediations

Users of these products should immediately install the applicable update, which is now available in the Settings app.

It is strongly advised that customers maintain regular patching cycles to safeguard against future vulnerabilities and exposures.

Updating iOS will remove all unauthorised software.
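To turn the version thresholds above into a fleet check, the following added example (not Apple's code, and not part of the original advisory) compares MDM-style inventory records against the minimum patched versions the advisory lists; the inventory records and device ids are constructed sample data.

```python
"""Patch-compliance check for the Apple advisory above (added example)."""
from typing import Dict, List, Tuple

# Minimum versions that carry the fixes, exactly as stated in the advisory.
MIN_PATCHED: Dict[str, str] = {
    "iOS": "15.6.1",
    "iPadOS": "15.6",
    "macOS": "12.5.1",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '15.6' or '15.6.1' into a comparable tuple of ints.

    Missing trailing components are padded with zeros so that
    '15.6' == '15.6.0' and '15.6' < '15.6.1'. A plain string comparison
    would get this wrong (e.g. '12.10' < '12.5' as strings).
    """
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def is_patched(platform: str, version: str) -> bool:
    """True if the device runs a version at or above the advisory's minimum."""
    if platform not in MIN_PATCHED:
        raise ValueError(f"unknown platform: {platform}")
    return parse_version(version) >= parse_version(MIN_PATCHED[platform])


def unpatched_devices(inventory: List[Dict[str, str]]) -> List[str]:
    """Return the ids of devices that still need the update."""
    return [d["id"] for d in inventory if not is_patched(d["platform"], d["version"])]


# Constructed sample inventory (hypothetical device ids and versions).
SAMPLE_INVENTORY = [
    {"id": "iphone-001", "platform": "iOS", "version": "15.6"},
    {"id": "iphone-002", "platform": "iOS", "version": "15.6.1"},
    {"id": "ipad-001", "platform": "iPadOS", "version": "15.5"},
    {"id": "mac-001", "platform": "macOS", "version": "12.5"},
    {"id": "mac-002", "platform": "macOS", "version": "12.5.1"},
    {"id": "mac-003", "platform": "macOS", "version": "13.0"},
]

if __name__ == "__main__":
    for device_id in unpatched_devices(SAMPLE_INVENTORY):
        print(f"{device_id}: update required")
```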

Indicators of Compromise

No indicators of compromise have been published.

Threat Landscape

With mobile devices being an integral part of both our personal and business lives, attackers will continue to exploit them when possible, for the sensitive information held within. These vulnerabilities are concerning but easily fixed.

Threat Group

No specific groups have been linked to this vulnerability.

MITRE Methodologies

T1210 – Exploitation of Remote Services

T1068 – Exploitation for Privilege Escalation

T1190 – Exploit Public-Facing Application

Further Information

CVE News article