Threat Guidances
iOS
Vulnerability
August 19, 2022

iOS 15.6 Vulnerabilities

Lookout Coverage and Recommendation for Admins

Lookout provides multilayered protection for devices that are exploitable through multiple vectors and could be compromised. To ensure your devices aren't exposed through the vulnerabites in iOS 15,6 and earlier, Lookout admins should set default Os Out of Date policy to have a minimum iOS version of 15.6.1 for applicable models. They can then choose whether to alert the user that the device is out of compliance or block access to enterprise resources until iOS is updated.

In addition to requiring a minimum OS, admins should enable Lookout Phishing & Content Protection (PCP) to protect mobile users from malicious phishing campaigns that are built to exploit these vulnerabilities in order to phish credentials or deliver malicious apps to the device. Finally, Lookout will detect if an attacker is successfully able to compromise the device at the OS level.

Overview

Apple released a software update to iOS and iPadOS 15.6 to patch two core zero-day vulnerabilities, CVE-2022-32894 (Kernel) and CVE-2022-32893 (Webkit), which together form a full kill chain. The entry in the system could be via a crafted web content or an application and will allow a system takeover in the event of an active exploitation. There is evidence of active exploitation in the wild for these vulnerabilities already. Both of these CVEs could affect Apple iPhone, iPads, and iPod Touch models that have been available for years, which means that anyone using one of these devices should immediately update their device by going to Settings, General, then Software Update.

This update comes hot on the heels of another recent iOS update at the end of July, which patched over 35 vulnerabilities in the mobile operating system. Much like the vulnerabilities in 15.6, they could enable remote execution capabilities at the OS level.

Lookout Analysis

Both of these vulnerabilities are being actively exploited in the wild. They have been reported under CISA guidelines making it mandatory for all the government agencies to follow the vendor guidelines of the security update. For enterprise organizations, it’s always good to follow suit when CISA finds something critical enough that government organizations should patch it. As has been observed in the past, cyber attacks that first target the government are often found targeting businesses further down the line.

Together, these CVEs could grant a remote user a dangerous amount of control over the device by leveraging techniques such as T1404 (Exploitation for Privilege Escalation) and T1456 (Drive-By Compromise) found in the MITRE mobile ATT&CK matrix.

Authors

Lookout

Endpoint Security
Entry Type
Threat Guidances
Platform(s) Affected
iOS
Threat Type
Vulnerability
Platform(s) Affected
Threat Guidances
iOS
Vulnerability

Related Content

CVE-2025-31200-31201 Update

CISA recently added guidance to CVE-2025-31200, a memory corruption issue, and CVE-2025-31201, an arbitrary read and write issue.

Read Threat Article

CVE-2025-24201 on iOS

CISA recently provided guidance for CVE-2025-24201, an out-of-bounds write issue in WebKit. There has been evidence of active exploitation of this CVE.

Read Threat Article

Vulnerability Affecting Apple devices

CISA recently added guidance to CVE-2025-24085, a use-after-free issue, which affects Apple devices running on visionOS, iOS, iPadOS, macOS, tvOS, and watchOS.

Read Threat Article

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Schedule Demo
HeaderHeaderHeaderHeader
CellCellCellCell
CellCellCellCell
CellCellCellCell
CellCellCellCell