[updated] Important update! iPhones, Macs, and more vulnerable to zero-day bug


On Monday, Apple released a long list of patched vulnerabilities to its software, including a new zero-day flaw affecting Macs and iPhones. The company revealed it's aware that threat actors may have been actively exploiting this vulnerability, which is tracked as **[CVE-2022-32917](<https://cve.report/CVE-2022-32917>)**. As it's a zero-day, nothing much is said about CVE-2022-32917, only that it may allow malformed applications to execute potentially malicious code with kernel privileges. Apple says it's patched this flaw with improved bounds checks. Below is a list of products this bug affects: * Macs running [macOS Monterey 12.6](<https://support.apple.com/en-us/HT213444>) and [macOS Big Sur 11.7](<https://support.apple.com/en-us/HT213443>) * iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) CVE-2022-32917 is the eighth zero-day flaw that Apple has addressed since the beginning of 2022. The first seven are as follows: * [CVE-2022-32894](<https://cve.report/CVE-2022-32894>), a flaw in the iOS Kernel, was patched in August * [CVE-2022-32893](<https://cve.report/CVE-2022-32893>), a flaw in WebKit, was patched in August * [CVE-2022-22674](<https://cve.report/CVE-2022-22674>), an Intel Graphics Driver bug, was patched in March * [CVE-2022-22675](<https://cve.report/CVE-2022-22675>), a bug in AppleACD, was patched in March * [CVE-2022-22620](<https://cve.report/CVE-2022-22620>), a WebKit bug affecting iPhones, Macs, and iPads, was patched in February * [CVE-2022-22587](<https://cve.report/CVE-2022-22587>), a privileged code execution flaw, was patched in January * [CVE-2022-22594](<https://cve.report/CVE-2022-22594>), a web browser activity tracking flaw, was patched in January ## Mitigation Since we received a lot of questions about what actions are needed, we're adding this section for your convenience. The necessary updates for these vulnerabilities were included in: * the [September 12 update for macOS Big Sur 11.7](<https://support.apple.com/en-us/HT213443>). * the [September 12 update for macOS Monterey 12.6](<https://support.apple.com/en-us/HT213444>). * the [September 12 update for iOS 15.7 and iPadOS 15.7](<https://support.apple.com/en-us/HT213445>). These should all have reached you in your regular update routines, but it doesn't hurt to check if your device is at the [latest update level](<https://support.apple.com/en-us/HT201222>). [How to update your iPhone or iPad.](<https://support.apple.com/en-us/HT204204>) [How to update macOS on Mac](<https://support.apple.com/en-us/HT201541>). If you fear your Mac has been infected, try out [Malwarebytes for Mac](<https://malwarebytes.com/mac>). Or [Malwarebytes for iOS](<https://support.malwarebytes.com/hc/en-us/categories/360002468273-Malwarebytes-for-iOS>) for your Apple devices. As this latest vulnerability is already being exploited, it's really important that you update your devices as soon as you can. Stay safe!