• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new actively exploited zero day vulnerability discovered in apple products

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

You are here: Home / General Cyber Security News / New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products
December 14, 2022

Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code.

Tracked as CVE-2022-42856, the issue has been described by the tech huge as a variety confusion issue in the WebKit browser motor that could be triggered when processing specifically crafted articles, major to arbitrary code execution.

The organization explained it is “conscious of a report that this issue may possibly have been actively exploited versus versions of iOS released right before iOS 15.1.”

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Even though facts surrounding the exact character of the attacks are unidentified as nonetheless, it is really likely that it associated a scenario of social engineering or a watering gap to infect the gadgets when visiting a rogue or authentic-but-compromised area by way of the browser.

It really is worth noting that every single 3rd-party web browser that’s obtainable for iOS and iPadOS, like Google Chrome, Mozilla Firefox, and Microsoft Edge, and other people, is essential to use the WebKit rendering motor thanks to limitations imposed by Apple.

Credited with getting and reporting the issue is Clément Lecigne of Google’s Threat Examination Group (TAG). Apple observed it tackled the bug with enhanced condition dealing with.

CyberSecurity

The update, which is readily available with iOS 15.7.2, iPadOS 15.7.2, macOS Ventura 13.1, tvOS 16.2, and Safari 16.2, arrived two weeks just after Apple patched the identical bug in iOS 16.1.2 on November 30, 2022.

The correct marks the resolution of the tenth zero-working day vulnerability identified in Apple program because the start out of the calendar year. It is really also the ninth actively exploited zero-working day flaw in 2022 –

  • CVE-2022-22587 (IOMobileFrameBuffer) – A malicious application could be capable to execute arbitrary code with kernel privileges
  • CVE-2022-22594 (WebKit Storage) – A web site may possibly be equipped to monitor delicate person details (publicly recognized but not actively exploited)
  • CVE-2022-22620 (WebKit) – Processing maliciously crafted web content material could guide to arbitrary code execution
  • CVE-2022-22674 (Intel Graphics Driver) – An application may possibly be equipped to read kernel memory
  • CVE-2022-22675 (AppleAVD) – An software may well be in a position to execute arbitrary code with kernel privileges
  • CVE-2022-32893 (WebKit) – Processing maliciously crafted web articles may possibly lead to arbitrary code execution
  • CVE-2022-32894 (Kernel) – An software could be in a position to execute arbitrary code with kernel privileges
  • CVE-2022-32917 (Kernel) – An application may well be ready to execute arbitrary code with kernel privileges
  • CVE-2022-42827 (Kernel) – An application could be equipped to execute arbitrary code with kernel privileges

The most recent iOS, iPadOS, and macOS updates also introduce a new security element identified as Highly developed Knowledge Security for iCloud that expands conclusion-to-conclude encryption (E2EE) to ‌iCloud‌ Backup, Notes, Pictures, and more.

Identified this short article fascinating? Observe us on Twitter  and LinkedIn to study additional distinctive content material we put up.


Some elements of this post are sourced from:
thehackernews.com

Previous Post: «google launches largest distributed database of open source vulnerabilities Google Launches Largest Distributed Database of Open Source Vulnerabilities
Next Post: Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability hackers actively exploiting citrix adc and gateway zero day vulnerability»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
  • How to Interpret the 2023 MITRE ATT&CK Evaluation Results
  • Iranian Nation-State Actor OilRig Targets Israeli Organizations
  • High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
  • Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
  • Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents
  • Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
  • The Rise of the Malicious App
  • China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers
  • Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

Copyright © TheCyberSecurity.News, All Rights Reserved.