Apple has released a major update for iOS that carries fixes for a number of critical vulnerabilities, including 21 individual flaws that can lead to arbitrary code execution.
Many of those serious flaws are in the iOS kernel itself and an attacker who is able to exploit any of them would be able to run arbitrary code with kernel privileges. There are also four separate vulnerabilities in the IOMobileFrameBuffer component of iOS that can lead to kernel level privileges. In all, Apple fixed 42 vulnerabilities with the release of iOS 15.2.
The number and severity of the vulnerabilities patched in this iOS release is unusual and make it one for organizations to prioritize for employee devices. The same update is available for iPads.
A number of the same vulnerabilities were also patched in macOS Monterey, Catalina, and Big Sur, along with quite a number of other flaws. Four of the bugs specific to macOS are Gatekeeper bypasses that can allow an attacker to get around some of the privacy protections and safeguards built into macOS. Gatekeeper is the system Apple uses to check applications for known malware and to ensure the developer’s code-signing certificate is still valid.
There are more than 40 individual vulnerabilities fixed in the new macOS Monterey 12.1 release, but Apple did not say there were any indications that any of the flaws in macOS or iOS are under active exploitation at this time.