Home Security Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability

Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability

by crpt os


Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild.

The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges.

Successful exploitation of out-of-bounds write flaws, which typically occur when a program attempts to write data to a memory location that’s outside of the bounds of what it is allowed to access, can result in corruption of data, a crash, or execution of unauthorized code.

The iPhone maker said it addressed the bug with improved bounds checking, while crediting an anonymous researcher for reporting the vulnerability.

As is usually the case with actively exploited zero-day flaws, Apple refrained from sharing more specifics about the shortcoming other than acknowledging that it’s “aware of a report that this issue may have been actively exploited.”

CVE-2022-42827 is the third consecutive Kernel-related out-of-bounds memory vulnerability to be patched by Apple after CVE-2022-32894 and CVE-2022-32917, the latter two of which have also been previously reported to be weaponized in real-world attacks.

CyberSecurity

The security update is available for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

With the latest fix, Apple has closed out eight actively exploited zero-day flaws and one publicly-known zero-day vulnerability since the start of the year –

  • CVE-2022-22587 (IOMobileFrameBuffer) – A malicious application may be able to execute arbitrary code with kernel privileges
  • CVE-2022-22594 (WebKit Storage) – A website may be able to track sensitive user information (publicly known but not actively exploited)
  • CVE-2022-22620 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2022-22674 (Intel Graphics Driver) – An application may be able to read kernel memory
  • CVE-2022-22675 (AppleAVD) – An application may be able to execute arbitrary code with kernel privileges
  • CVE-2022-32893 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2022-32894 (Kernel) – An application may be able to execute arbitrary code with kernel privileges
  • CVE-2022-32917 (Kernel) – An application may be able to execute arbitrary code with kernel privileges

Aside from CVE-2022-42827, the update also addresses 19 other security vulnerabilities, including two in Kernel, three in Point-to-Point Protocol (PPP), two in WebKit, and one each in AppleMobileFileIntegrity, Core Bluetooth, IOKit, Sandbox, and more.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex