Many upgrades for iOS, iPadOS, macOS, tvOS, and watchOS are now available. The update fixes 37 known vulnerabilities that might result in privilege escalation, arbitrary code execution, information exposure, or even the facilitation of denial of service (DoS) attacks.
Apple has fixed the most dangerous vulnerability this week, CVE-2022-2294. This WebRTC bug involves memory corruption. The latter was utilized in attempted assaults on Chrome users that Google discovered at the beginning of July.
The additional updates released by Apple allow for the closure of flaws affecting the Neural Engine (specifically the vulnerabilities CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), as well as the audio (CVE-2022-32820), GPU drivers (CVE-2022-32821), ImageIO (CVE-2022-32802, CVE-2022-32785), IOMobileFrameBuffer (CVE-2022-26768), the kernel (CVE-2022-32792).
Additionally, we find that Apple has fixed five issues with the SMB module. In particular, a malicious program might use these to get root privileges, access private data, and run arbitrary code directly at the kernel level.
These changes are spread among seven distinct upgrades for Apple TV, Apple Watch, iPads, iPhones, and Macs. We’re talking about iOS 15.6, iPadOS 15.6, macOS Monterey 12.5, tvOS 15.6, and watchOS 8.7, as well as Big Sur 11.6.8 and Catalina 10.15.7 for older Macs.