Home TechApple Apple releases patches for two zero-days that threaten iOS and macOS users
AppleAppsLatest NewsMac

Apple releases patches for two zero-days that threaten iOS and macOS users

by admin
written by admin

Enlarge
Getty Images


Apple on Thursday released fixes for two critical zero-day vulnerabilities in iPhones, iPads and Macs that allow hackers dangerous access to the internals of the operating systems the devices run on.

Apple credited the discovery of both vulnerabilities to an anonymous researcher. The first vulnerability, CVE-2022-22675, is in macOS for Monterey and in iOS or iPadOS for most iPhone and iPad models. The flaw, which stems from an out-of-bounds write issue, allows hackers to execute malicious code that runs with privileges of the kernel, the most security-sensitive region of the operating system. Meanwhile, CVE-2022-22674 also results from an out-of-bounds read issue that can lead to kernel memory exposure.

Apple released bare bones details for the bugs here and here. “Apple is aware of a report that this issue may have been actively exploited,” the company wrote about both vulnerabilities.

Let Apple zero-days rain down

CVE-2022-22674 and CVE-2022-22675 are the fourth and fifth zero-days that Apple patched this year. In January, the company rushed to release patches for iOS, iPadOS, macOS Monterey, watchOS, tvOS, and HomePod Software to fix a zero-day memory corruption bug that could allow attackers to run code with kernel privileges. The bug traced as CVE-2022-22587 was in the IOMobileFrameBuffer. A separate vulnerability, CVE-2022-22594, allowed websites to track sensitive user information. The exploit code for this vulnerability was publicly released before the patch was released.

In February, Apple released a fix for a Use after the free error in the Webkit browser engine that gave attackers the ability to run malicious code on iPhones, iPads, and iTouches. Apple said reports received indicated that the vulnerability — CVE-2022-22620 — may also be actively exploited.

Further reading

Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

A
spreadsheet
Google security researchers claim tracking zero-days shows Apple fixed a total of 12 such vulnerabilities in 2021. Among them was a bug in iMessage that was targeted by the Pegasus spyware framework with a zero-click exploit, meaning that devices are compromised simply by receiving a malicious message, with no user action required. Two zero-days patched by Apple in May allowed attackers to infect cutting-edge devices.

This article was previously published on Source link

0 comment
0
FacebookTwitterPinterestEmail

You may also like

The 9 Best TVs We Tested (2023): Cheap,...

Meet the Titans, DC Comics’ New Justice League

Federal prosecutors are asking the court to bar...

Audi’s new off-road EV concept looks wild

7 things we wish Disney would do differently...

You may be able to write your own...

Dell UltraSharp 43 4K USB-C Hub Monitor

Best phones under Rs 20,000 (January 2023): Motorola...

8 Best Sites to Watch Funny Pet Videos

Wordle Today: Answers and Hints for January 28...

@2021 - All Right Reserved. Designed and Developed by webinfobuzz.com

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy