Vulnerabilities found in new macOS 12.5.1 and iOS 15.6.1 updates patch

macOS 12.5.1 and iOS 15.6.1 vulnerabilities

Apple has released a trio of operating system updates to fix security holes that it says "may have been actively exploited". The macOS 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 updates are now available for download and should be installed as soon as possible. 

All three updates fix the same pair of bugs. One, labeled CVE-2022-32894, is a kernel vulnerability that could allow applications to "execute arbitrary code with kernel privileges." The other, CVE-2022-32893, is a WebKit bug that allows arbitrary code execution via "content". Both discoveries were made by an unnamed security researcher. WebKit is used in the Safari browser as well as apps like Mail that use Apple's WebView to display and display content. 

Apple has not released equivalent security patches for macOS Catalina or Big Sur, two older versions of macOS that still receive regular security updates. We've reached out to Apple to find out if they plan to release these fixes for older operating systems or if they're bug-free and don't need fixing. 

Apple's software release notes for updates do not refer to any other fixes or features. Apple is actively developing iOS 16, iPadOS 16, and macOS Ventura, and these updates are expected to release later this fall.