
Apple security updates fix 2 zero days used to hack iPhones and Macs – Digikar

✔️ 2022-08-18 00:35:26 – Paris/France.

Apple today released emergency security updates to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads or Macs.

Zero-day vulnerabilities are security flaws known to attackers or researchers before the software vendor becomes aware of them or is able to fix them. In many cases, zero-days have public proof-of-concept exploits or are actively exploited in attacks.

Today Apple released macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1 to address two zero-day vulnerabilities that have reportedly been actively exploited.

Both vulnerabilities affect all three operating systems. The first, identified as CVE-2022-32894, is an out-of-bounds write vulnerability in the operating system kernel.

The kernel is the program that functions as the main component of an operating system and has the highest privileges in macOS, iPadOS, and iOS.

An application, such as malware, can use this vulnerability to execute code with kernel privileges. As this is the highest privilege level, a process would be able to execute any command on the device, effectively taking full control over it.

The second zero-day vulnerability is CVE-2022-32893 and is an out-of-bounds write vulnerability in WebKit, the web browser engine used by Safari and other web-capable applications.

Apple says the flaw would allow an attacker to execute arbitrary code and, because it’s in the web engine, could likely be exploited remotely when a user visits a maliciously crafted website.

The bugs were reported by anonymous researchers and fixed by Apple in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1 with enhanced bounds checking for both bugs.

The list of devices affected by the two vulnerabilities is as follows:

  • Mac running macOS Monterey
  • iPhone 6s and later
  • iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Apple disclosed active exploitation in the wild, but did not release any additional information regarding these attacks.

It’s likely that these zero-days were only used in targeted attacks, but it’s still strongly advised to install today’s security updates as soon as possible.
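For teams managing more than a handful of devices, the check below triages an inventory against the fixed releases named above. It is an added example, not code from the article or from Apple; the CSV layout, host names and status labels are assumptions, and anything outside macOS 12.x or iOS/iPadOS 15.x is reported as not covered by this article rather than guessed at.

```python
import csv
import io

# Fixed releases named in the article, keyed by platform.
FIXED = {
    "macos": (12, 5, 1),   # macOS Monterey 12.5.1
    "ios": (15, 6, 1),     # iOS 15.6.1
    "ipados": (15, 6, 1),  # iPadOS 15.6.1
}

def parse_version(text):
    """Turn '12.5' or '15.6.1' into a 3-tuple, padding missing parts with 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def triage(platform, version):
    """Classify one device as 'patched', 'update-required' or 'not-covered'."""
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        return "not-covered"
    try:
        current = parse_version(version)
    except ValueError:
        return "not-covered"          # unparseable version: review by hand
    if current[0] != fixed[0]:
        return "not-covered"          # article only names Monterey (12.x) and 15.x
    return "patched" if current >= fixed else "update-required"

def report(inventory_csv):
    """Return [(host, status)] for every row of a host,platform,version CSV."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], triage(r["platform"], r["version"])) for r in rows]

# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE = """host,platform,version
mbp-finance-01,macOS,12.5
mbp-dev-07,macOS,12.5.1
iphone-sales-03,iOS,15.6.1
ipad-kiosk-02,iPadOS,15.5
imac-lab-04,macOS,11.6.8
"""

if __name__ == "__main__":
    for host, status in report(SAMPLE):
        print(f"{host:18} {status}")
```
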

Seven zero-days patched by Apple this year

In March, Apple fixed two additional zero-day bugs that were used in the Intel Graphics Driver (CVE-2022-22674) and AppleAVD (CVE-2022-22675), which could also be used to run code with kernel privileges.

In January, Apple patched two more actively exploited zero-days that allowed attackers to execute arbitrary code with kernel privileges (CVE-2022-22587) and track web browsing activity and user identities in real time (CVE-2022-22594).

In February, Apple released security updates to fix a new zero-day bug exploited to hack iPhones, iPads and Macs, leading to operating system crashes and remote code execution on compromised devices after processing maliciously crafted web content.

SOURCE : Digikar
