https://www.helpnetsecurity.com/2022/08/18/cve-2022-32894-cve-2022-32893-cve-2022-2856/
Apple fixes exploited zero-days
Apple has released security updates for iOS, iPadOS, and macOS Monterey to
fix CVE-2022-32894 and CVE-2022-32893, two code execution vulnerabilities exploited by attackers in the wild.
CVE-2022-32894 is out-of-bounds write issue in the operating systems'
kernel that can be exploited by a malicious application to execute
arbitrary code with kernel privileges (and take control over the entire
system)
CVE-2022-32893 is out-of-bounds write issue in WebKit - Apple's browser
engine that powers its Safari web browser and all iOS web browsers - that
can be triggered by the processing of maliciously crafted web content. It,
as well, can lead to arbitrary code execution.
All users should implement the updates as soon as possible, by upgrading to
iOS 15.6.1
iPadOS 15.6.
macOS 12.5.1
A researcher found the exploits and told Apple about them.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)