Image: Getty/iStockphoto

Apple has released patches to address kernel flaws affecting iOS/iPadOS 15 and macOS Big Sur and Catalina that are under attack. 

Apple in an advisory says the two newly disclosed kernel flaws "may have been actively exploited". 

Security

• 8 habits of highly secure remote workers
• How to find and remove spyware from your phone
• The best VPN services: How do the top 5 compare?
• How to find out if you are involved in a data breach -- and what to do next

One kernel flaw, tracked as CVE-2022-32917, is addressed in iOS/iPadOS 15.7, macOS Monterey 12.6 and macOS Big Sur 11.7, while macOS Big Sur 11.7 addresses a second already-exploited kernel flaw tracked as CVE-2022-32894. 

SEE:iOS 16 just dropped: Here are all the improvements you asked for

Both bugs were reported by anonymous researchers. CVE-2022-32917 is also listed as addressed in the just-released iOS 16.

So even if you don't want to update to iOS16 yet, updating to iOS 15.7 is still a good idea.

"This update provides important security updates and is recommended for all users," says Apple.

According to Google's zero-day tracker, Apple has patched eight zero day flaws affecting iOS and macOS this year. 

iOS devices that should be patched include iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

General users should also install Apple's latest updates, which address a large number of vulnerabilities, including multiple issues affecting the iOS/macOS kernel, Apple Maps, the MediaLibrary component, Safari, Safari extensions, Shortcuts, and Safari's WebKit engine. iOS 15.7 includes 10 CVE identifiers.     

Just under a month ago, Apple fixed two zero-day flaws affecting iOS 15.6 and then backported one of them to iOS 12. It's done that again, this time by bringing the fix for CVE-2022-32894 in iOS 15.6.1 to macOS Big Sur 11.7.  

Today, Apple has also released security-relevant updates in iOS 16, watchOS 9, tvOS 16, and Safari 16. 

Victims of the latest zero-day exploits are generally those at risk of highly targeted cyberattacks rather than the general public. But they could benefit from Lockdown Mode in iOS 16, which Apple released today. The feature helps protect users from what Apple described as "state-sponsored mercenary spyware". The feature is also available in macOS Ventura. 

Apple

Unlock the best new features in iPhone 15, iOS 17, and Apple Watch with these tipsiOS 17: The most impactful new iPhone features are also the ones you'll notice the leastNew iPhone 15 models compared: iPhone 15 vs. Plus vs. Pro vs. Pro MaxOne subtle (but important) reason to buy the iPhone 15 Pro instead of the iPhone 14 Pro

• Unlock the best new features in iPhone 15, iOS 17, and Apple Watch with these tips
• iOS 17: The most impactful new iPhone features are also the ones you'll notice the least
• New iPhone 15 models compared: iPhone 15 vs. Plus vs. Pro vs. Pro Max
• One subtle (but important) reason to buy the iPhone 15 Pro instead of the iPhone 14 Pro