Apple has released security updates to address vulnerabilities in iOS and macOS, including a new zero-day flaw that is being actively exploited by attackers. The zero-day flaw, is tracked as CVE-2022-32917.  

Affected systems

iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) and Macs running macOS Big Sur 11.7 and macOS Monterey 12.6.

https://support.apple.com/en-us/HT201222

Security Risks

Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends system administrators:

1. Follow the advisory shared by Apple and apply suggested mitigations to lower the risk of vulnerability exploitation.

2. Before any updating task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.

References:

https://thehackernews.com/2022/10/apple-ios-and-macos-flaw-couldve-let.html

https://techcrunch.com/2022/09/13/apple-ios-macos-zero-day-active-attack/

https://www.bleepingcomputer.com/news/security/apple-fixes-eighth-zero-day-used-to-hack-iphones-and-macs-this-year/