Apple last week disclosed fixes for two critical flaws in the iPhone and iPad operating systems. The zero-day vulnerabilities allowed remote code execution and the processing of malicious content crafted by criminals to break into corporate devices and networks; updates are already available for both.
The flaws fixed by Apple are tracked as CVE-2022-32894 and CVE-2022-32893. Both were reported to the company by anonymous security researchers and affect practically all of the brand's device models available on the market; the list includes, for example, the iPhone 6s and later, as well as the iPad Pro, iPad Air 2 and fifth-generation iPad, and the seventh-generation iPod touch.
The recommendation is to install the iOS and iPadOS 15.6.1 updates as soon as possible, since the flaws are being exploited by criminals in attacks. The greatest concern is for the systems of companies and public organizations, as unpatched devices can serve as an initial access vector into internal systems for launching even more damaging attacks.
The first flaw lets attackers reach the operating system kernel through the remote execution of malicious code and applications. The second affects WebKit: maliciously crafted online content could also lead to remote attacks through an out-of-bounds memory write.
Users of compatible iPhones and iPads should see notifications about the update on the device's home screen and in the Settings menu, where installation can be performed or scheduled for a convenient time. It is important to always apply patches so that known security issues like these cannot be exploited by attackers.