Report Incident
× Home Cybertech Africa 2023 2 DPO Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

Advisory: Apple iOS and macOS Flaw’s security advisory

Apple has released security updates to address vulnerabilities in iOS and macOS, including a new zero-day flaw that is being actively exploited by attackers. The zero-day flaw, is tracked as CVE-2022-32917.  
 
Affected systems
 
iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) and Macs running macOS Big Sur 11.7 and macOS Monterey 12.6.
 
https://support.apple.com/en-us/HT201222
 
Security Risks
 
Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets.
 
Recommended Actions
 
The National Cyber Security Authority (NCSA) strongly recommends system administrators:
  1. Follow the advisory shared by Apple and apply suggested mitigations to lower the risk of vulnerability exploitation.
  2. Before any updating task, please ensure you have a recent backup that can easily be restored.
 
For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.
 
References:
https://thehackernews.com/2022/10/apple-ios-and-macos-flaw-couldve-let.html
https://techcrunch.com/2022/09/13/apple-ios-macos-zero-day-active-attack/
https://www.bleepingcomputer.com/news/security/apple-fixes-eighth-zero-day-used-to-hack-iphones-and-macs-this-year/

 

 

30 October 2022

© 2024 National Cyber Security Authority