Apple Announces Two Zero-Day Vulnerabilities for macOS & iOS. Apple's latest iOS and macOS updates patch two zero-day vulnerabilities | Engadget. Apple security flaw ‘actively exploited’ by hackers to fully control devices | Apple | The Guardian
The second zero-day vulnerability is CVE and is an out-of-bounds write vulnerability in WebKit, the web browser engine used by Safari and other apps that can access the web. Apple says this flaw would allow an attacker to perform arbitrary code execution and, as it's in the web engine, could likely be exploited remotely by visiting a maliciously crafted website.
The bugs were reported by anonymous researchers and fixed by Apple in iOS Apple disclosed active exploitation in the wild; however, it did not release any additional information regarding these attacks.
Likely, these zero-days were only used in targeted attacks, but it's still strongly advised to install today's security updates as soon as possible. In January, Apple patched two more actively exploited zero-days that enabled attackers to achieve arbitrary code execution with kernel privileges CVE and track web browsing activity and the users' identities in real-time CVE In February, Apple released security updates to fix a new zero-day bug exploited to hack iPhones, iPads, and Macs, leading to OS crashes and remote code execution on compromised devices after processing maliciously crafted web content.
Always appreciate the quality information. I used to be an essential employee, until the company closed sort of like those movies where somebody shoots the horse; they shot my job. We did some work on buried capacitor substrates and pad transfer printing for better hardware - so the software people can have a foundation to build their structure on. We each do our part.
August 17, PM 1. The devices affected by both vulnerabilities are: Macs running macOS Monterey; iPhone 6s and later; iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, and iPad mini 4 and later; and iPod touch (7th generation).
Lawrence's area of expertise includes Windows, malware removal, and computer forensics.
That being said, it seems likely that these vulnerabilities were found in an active attack that chained the two vulnerabilities together.
The attack could, for example, be done in the form of a watering hole or as part of an exploit kit. CVE could be exploited for initial code to be run.
This code could be used to leverage CVE to obtain kernel privileges. Details can be found on the security content for macOS page, and instructions to apply updates are available on the Apple Security Updates page. Pieter Arntz, Malware Intelligence Researcher.