Apple has issued security updates to address two zero-day vulnerabilities, which the tech giant says may have been exploited in the wild.
The zero-days in question are tracked as CVE-2022-32894 and CVE-2022-32893, and both have been described as an out-of-bounds write issue. The CVE-2022-32894 vulnerability exists due to a boundary error within the OS kernel component and allows arbitrary code execution with kernel privileges.
CVE-2022-32893 affects the WebKit component and could be abused for arbitrary code execution via a specially crafted website. Both bugs have been fixed with the release of macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1.
In related news, Google has rolled out the Chrome 104 security update to fix over 10 security vulnerabilities, including a zero-day flaw being actively exploited in cyberattacks.
Tracked as CVE-2022-2856, the issue exists due to improper input validation in Intents component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.
Neither Apple, nor Google provided technical details regarding hacker attacks that exploited the above mentioned zero-day vulnerabilities.