HC3 TLP White: Sector Alert Apple Fixes Two Zero Day Exploits - August 18, 2022

Executive Summary

Apple has released a security update fixing two zero-day common vulnerability and exposures (CVE) that they state are being actively exploited. It is unknown as to how these bugs were discovered outside of the reports from an anonymous researcher. The exploits can grant an attacker remote code execution (RCE) and kernel level privileges on a device. A device compromised from these exploits could be subjected to data access to an unauthorized user, location retrieval, internet tracking, and much more. With the increasing use of iOS devices in the healthcare sector, it is strongly encouraged to update your devices immediately. Over the course of this year, Apple has released updates to fix seven total zero-day exploits.

View the detailed report below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272