August 19th: Apple security updates +++ Google Chrome zero-day +++ BugDrop malware

Apple security updates to patch new zero-day vulnerabilities

On Wednesday, Apple released security updates for the iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities that threat actors had previously exploited to compromise its devices:

  • CVE-2022-32893 – An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code when processing specially crafted web content.
  • CVE-2022-32894 – An out-of-bounds issue in the operating system’s Kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges.

The devices affected by both vulnerabilities are:

  • Macs running macOS Monterey
  • iPhone 6s and later
  • iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Both vulnerabilities have been fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. The iOS and iPadOS updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Update your Apple devices now!

Interested in more information? Here are some of our trusted sources on these vulnerabilities and updates:

Google Chrome zero-day: exploited in the wild

A zero-day security vulnerability in Google’s Chrome browser is being actively exploited in the wild. Google released 11 security patches for Chrome this week, which are now being pushed out in stages to those with automatic updates enabled for Windows, Mac, and Linux; however, everyone can also update it manually.

Google is aware that an exploit for CVE-2022-2856 exists in the wild. This vulnerability is rated as high severity and involves “insufficient validation of untrusted input in Intents”, as written in an alert by Malwarebytes. Update Chrome now!

Another source on this topic: Chrome Releases: Stable Channel Update for Desktop (googleblog.com)

BugDrop malware to bypass Android security

Researchers from ThreatFabric discovered a previously undetected Android dropper, dubbed BugDrop, which is under active development and was designed to bypass security features that will be implemented in the next release of Google OS. The dropper was developed by a cybercriminal group, and the researchers spotted it posing as a QR code reader. The experts noted that, starting with Android 13, Google is blocking accessibility API access for apps installed from outside of the official app store. However, BugDrop attempts to bypass this security measure by deploying malicious payloads via a session-based installation process. BugDrop will give attackers new capabilities to target banking institutions and bypass security solutions.

Would you like to learn more? Bugdrop: the first malware trying to circumvent Google’s security Controls (threatfabric.com)



Please remember: this article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.