The Hacker NewsTHN:DEAEC76D89D5583101E2E6036C289609Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices.
The list of issues is below -
- CVE-2022-32893 - An out-of-bounds write issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content
- CVE-2022-32894 - An out-of-bounds write issue in the operating systemβs Kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges
Apple said it addressed both the issues with improved bounds checking, adding itβs aware the vulnerabilities βmay have been actively exploited.β
The company did not disclose any additional information regarding these attacks or the identities of the threat actors perpetrating them, although itβs likely that they were abused as part of highly-targeted intrusions.
The latest update brings the total number of actively exploited zero-days patched by Apple to six since the start of the year -
- CVE-2022-22587 (IOMobileFrameBuffer) β A malicious application may be able to execute arbitrary code with kernel privileges
- CVE-2022-22620 (WebKit) β Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2022-22674 (Intel Graphics Driver) β An application may be able to read kernel memory
- CVE-2022-22675 (AppleAVD) β An application may be able to execute arbitrary code with kernel privileges
Both the vulnerabilities have been fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. The iOS and iPadOS updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Update: Apple on Thursday released a security update for Safari web browser (version 15.6.1) for macOS Big Sur and Catalina to patch the WebKit vulnerability fixed in macOS Monterey.
Found this article interesting? Follow THN on Facebook, Twitter ο and LinkedIn to read more exclusive content we post.
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C