Apple released security updates to fix 37 vulnerabilities impacting iOS, iPadOS, macOS, tvOS, and watchOS devices. The flaws addressed by Apple lead to arbitrary code execution, privilege escalation, denial-of-service (DoS), and information disclosure.
Below is the list of Apple security updates:
Name and information link | Available for | Release date |
---|---|---|
Safari 15.6 | macOS Big Sur and macOS Catalina | 20 Jul 2022 |
watchOS 8.7 | Apple Watch Series 3 and later | 20 Jul 2022 |
Security Update 2022-005 Catalina | macOS Catalina | 20 Jul 2022 |
macOS Big Sur 11.6.8 | macOS Big Sur | 20 Jul 2022 |
macOS Monterey 12.5 | macOS Monterey | 20 Jul 2022 |
tvOS 15.6 | Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD | 20 Jul 2022 |
One of the most severe issues addressed by the IT giant is a heap buffer overflow tracked as CVE-2022-2294. The vulnerability resides in the Web Real-Time Communications (WebRTC) component and was discovered by Google researchers who confirmed it is actively exploited in the wild in attacks aimed at Chrome users.
The vulnerability was reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01.
Another arbitrary code execution issue that was addressed by the company with the release of Safari 15.6 are:
The company also addressed several arbitrary code execution flaws impacting Neural Engine, Audio, GPU Drivers, ImageIO, and Kernel.
Users should upgrade their devices by installing iOS 15.6, iPadOS 15.6, macOS (Monterey 12.5, Big Sur 11.6.8, and 2022-005 Catalina), tvOS 15.6, and watchOS 8.7.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, arbitrary code execution)
[adrotate banner=”5″]
[adrotate banner=”13″]