Apple rushes out patches for two zero-days threatening iOS and macOS users

ByMabel R. Acton

Apr 1, 2022 #3rd Wave Of Technology, #Active Mind Technology Steve Suda, #Adia Technology Limited, #Anxiety Caused By Technology, #Aum Technology Job Openings, #Best Books On Licensing Technology, #Best Us Companies Drivetrain Technology, #Boulder Creek Ca Technology Companies, #Bounce Box Technology, #Bridgerland Applied Technology College Cafeteria, #Cisco Technology News, #Comcast Comcast Technology Internship Program, #Complete Automated Technology, #Defence Technology News, #Definition Information Technology System, #Digital Technology, #Digital Technology Pdf, #Director, #Dxc Technology Malaysia Sdn Bhd, #Emerging Technology In Healthcare 2019, #Energy Efficient Home Technology, #Environmental Technology 2019, #Esl Information Technology Vocabulary, #Farming Technology Replacing People, #I.T. Information Technology, #Information Technology Residency Programs, #Issue With Holographic Counterfeiting Technology, #La Crosse Technology 9625 Manual, #La Crosse Technology C89201 Manual, #Lane Dedection Technology, #Long Quotes About Technology, #Micron Technology San Francisco, #Modern Steel Mill Technology, #Nc Lateral Entry Technology, #New Technology Replaces Wifi, #Russian Technology City, #Shenzhen Nearbyexpress Technology Development, #Stackoverflow Resume With Technology Interests, #State Agency For Technology, #Teacher Comfort With Technology Survey, #Technology Companies In Southwest Florida, #Technology Credit Union Address, #Technology In Mercedes Glc, #Technology Material Grant For College, #Technology Meibomian Lid, #Technology Production And Cost, #Treehouse Education Technology, #Western Technology Center Sayre Ok, #What Is Jet Intellagence Technology, #Why Women In Technology, #Will Technology Take Away Libraries
Apple rushes out patches for two zero-days threatening iOS and macOS users

Apple on Thursday released fixes for two critical zero-day vulnerabilities in iPhones, iPads, and Macs that give hackers dangerous access to the internals of the OSes the devices run on.

Apple credited an anonymous researcher with discovering both vulnerabilities. The first vulnerability, CVE-2022-22675, resides in macOS for Monterey and in iOS or iPadOS for most iPhone and iPad models. The flaw, which stems from an out-of-bounds write issue, gives hackers the ability to execute malicious code that runs with privileges of the kernel, the most security-sensitive region of the OS. CVE-2022-22674, meanwhile, also results from an out-of-bounds read issue that can lead to the disclosure of kernel memory.

Apple disclosed bare-bones details for the flaws here and here. “Apple is aware of a report that this issue may have been actively exploited,” the company wrote of both vulnerabilities.

Raining down Apple zero-days

CVE-2022-22674 and CVE-2022-22675 are the fourth and fifth zero-days Apple has patched this year. In January, the company rushed out patches for iOS, iPadOS, macOS Monterey, watchOS, tvOS, and HomePod Software to fix a zero-day memory corruption flaw that could give exploiters the ability to execute code with kernel privileges. The bug, tracked as CVE-2022-22587, resided in the IOMobileFrameBuffer. A separate vulnerability, CVE-2022-22594, made it possible for websites to track sensitive user information. The exploit code for that vulnerability was released publicly prior to the patch being issued.

Apple in February pushed out a fix for a use after free bug in the Webkit browser engine that gave attackers the ability to run malicious code on iPhones, iPads, and iTouches. Apple said that reports it received indicated the vulnerability—CVE-2022-22620—might also have been actively exploited.

A spreadsheet Google security researchers maintain to track zero-days shows Apple fixed a total of 12 such vulnerabilities in 2021. Among those was a flaw in iMessage that the Pegasus spyware framework was targeting using a zero-click exploit, meaning devices were infected merely by receiving a malicious message, without any user action required. Two zero-days that Apple patched in May made it possible for attackers to infect fully up-to-date devices.