Apple on Thursday revealed fixes for two major zero-day vulnerabilities in iPhone, iPod and Mac devices, which could allow hackers to gain dangerous access to devices running the operating system.
Apple added pride to the anonymous researcher who discovered both vulnerabilities. The first vulnerability is CVE-2022-22675, macOS for Monterey, and iOS or iPadOS for most iPhone and iPad models. The ability to execute malicious code running with kernel privileges, the most security-sensitive part of the operating system, gives hackers the disadvantage that arises from the problem of writing out of bounds. Meanwhile, CVE-2022-22674 is the result of an exaggerated read issue that may expose kernel memory.
Apple released basic details of the flaw. here And the here. “Apple is aware of a report that this issue can be exploited critically,” the company wrote in both vulnerabilities.
Apple Day Zero Rain
CVE-2022-22674 and CVE-2022-22675 are Apple’s fourth and fifth zero days this year. In January, the company released links for iOS, iPadOS, macOS Monterey, watchOS, tvOS, and HomePod. Fix Zero Day Memory Corruption It gives exploiters the ability to execute code with kernel privileges. The error that was spotted as CVE-2022-22587 was in IOMobileFrameBuffer. A separate vulnerability, CVE-2022-22594, made it possible for websites to monitor sensitive user information. Before the patch was released, the exploit code for this vulnerability was published.
Apple paid for a fix in February Use after error free In the Webkit browser engine provided to attackers capable of executing malicious code on iPhones, iPods and iTouches. Apple Corps said in a statement that the “CVE-2022-22620” report may have been widely used.
to Table Google security researchers are tracking Zero Days as Apple fixed 12 vulnerabilities in 2021. One drawback of iMessage is that it targets the Pegasus spyware framework. Exploit without a click, that is, the devices are infected by receiving malicious messages and no action is required from the user. Zero day more than Apple merged in May It made it possible for attackers to attack fully upgraded devices.
“Beer enthusiast. Subtly charming alcohol junkie. Wannabe internet buff. Typical pop culture lover.”