Apple released an emergency security update on August 17, 2022, according to a report released by Bleeping Computer. The updates released by Apple (macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1) resolved two zero-day vulnerabilities in the Apple OS, specifically in the Kernel, which has the highest privileges and access to the OS, and WebKit, which is utilized by Safari and other web-based applications. According to the report, these zero-day vulnerabilities were being actively exploited prior to the update, making these the seventh exploited zero-day patch that Apple has released this year.
Who Were the Victims?
According to BleepingComputer, these zero-days were most likely only used in targeted attacks, but it is still greatly advised to install today’s security updates as soon as possible.
How Could It Have Been Prevented?
With zero-days becoming a larger and larger issue all the time, what could application providers do to make sure they are not affected by zero-day attacks? The key is implementing proactive data-protecting products within the application. Eclypses MTE® Technology enables applications to take security into their own hands. Implementing MTE inside of an application creates a separation from the operating system (OS) and ensures that all sensitive data is protected as soon as it is created. Securing data in this way ensures that only the application is authorized to access sensitive data, eliminating the need for trust in 3rd parties, including the OS, and reducing the effects of OS zero-day attacks.
For more information, reach out to our team here.