• Rachel Hanlon

Apple has released a fix for the first two zero-day vulnerabilities of 2022, affecting macOS and iOS

Updated: May 6

Description

Apple has released a security update to fix two zero-day vulnerabilities. Successful exploitation leads to arbitrary code execution with kernel privileges on compromised devices. The first zero-day is a memory corruption issue and the second is a Safari WebKit issue.

Affected Products:

  • iPhone 6s and later

  • iPad Pro

  • iPad Air 2 and later

  • iPad 5th generation and later

  • iPad mini 4 and later

  • iPod touch (7th generation)

Notable Vulnerabilities:

  • CVE-2022-22584: Processing a maliciously crafted file may lead to arbitrary code execution

  • CVE-2022-22594: A website may be able to track sensitive user information

  • CVE-2022-22587: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

  • CVE-2022-22579: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution

  • CVE-2022-22589: Processing a maliciously crafted mail message may lead to running arbitrary JavaScript

  • CVE-2022-22590: Processing maliciously crafted web content may lead to arbitrary code execution

  • CVE-2022-22592: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Recommendations

Workaround:

It is recommended to update Apple devices to the latest available version.
