Apple has released security updates for its iOS and macOS operating systems to address a high-severity vulnerability the vendor says “may have been actively exploited.”
Tracked as CVE-2022-32917, the flaw may allow a local application to escalate privileges on the system. The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
The bug has been fixed in iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6, and macOS Big Sur 11.7.
In August, Apple released security updates to patch two zero-day vulnerabilities that could be abused for arbitrary code execution.
Besides CVE-2022-32917, Apple has patched ten security issues in iOS 16, spanning Contacts, Kernel, Maps, MediaLibrary, Safari, and WebKit. The iOS 16 update also comes with two notable features designed to bolster security: Lockdown Mode, designed to safeguard high-risk users against “highly targeted cyberattacks,” and Rapid Security Response, which enables rapid security software updates.