Apple is releasing patches for two zero days threatening iOS and macOS users

Apple on Thursday unveiled fixes for two major zero-day vulnerabilities in iPhones, iPods and Macs that could allow hackers to gain dangerous access to the OS’s running devices.

Apple added pride to an anonymous researcher who discovered both vulnerabilities. The first vulnerability is CVE-2022-22675, macOS for Monterey and iOS or iPadOS for most iPhone and iPad models. The ability to run malicious code running with the privileges of the kernel, the most security-sensitive part of the OS, gives hackers a flaw that arises from the problem of writing out of bounds. CVE-2022-22674, meanwhile, is the result of an over-the-top reading problem that could lead to kernel memory exposure.

Apple has released bare-bone details for the defects Here And Here. “Apple is aware of a report that this issue could have been seriously exploited,” the company wrote in both vulnerabilities.

Apple zero days rain

CVE-2022-22674 and CVE-2022-22675 are Apple’s fourth and fifth zero days of the year. In January, the company released links for iOS, iPadOS, macOS Monterey, watchOS, tvOS and HomePod software. Fix zero day memory corruption bug It gives exploiters the ability to run code with kernel privileges. The bug that was monitored as CVE-2022-22587 was in IOMobileFrameBuffer. A separate vulnerability, CVE-2022-22594, enabled websites to monitor sensitive user information. Before the patch was issued, the exploitative code for that vulnerability was made public.

Apple pushed for a solution in February Use after free error Webkit browser engine that gives attackers the ability to run malicious code on iPhones, iPods and iTunes. Apple Corps said in a statement that the report “CVE-2022-22620” may have been used extensively.

See also  Boeing Starliner astronaut launch delayed until at least May 17 - Orlando Sentinel

A Spreadsheet Google security researchers are keeping track of zero days that Apple fixed 12 vulnerabilities in 2021. One of the flaws in iMessage is that it targets the Pegasus spyware framework. Zero-click exploitation, I.e. devices are infected by receiving malicious message and no user action is required. Two zero days more than Apple Merged in May Made it possible for attackers to attack fully upgraded devices.

Leave a Reply

Your email address will not be published. Required fields are marked *