- Apple zero day hack

on

Looking for:

Urgent update for macOS and iOS! Two actively exploited zero-days fixed - Five zero-days patched in 2022 













































     


- Apple security updates fix 2 zero-days used to hack iPhones, Macs



 

Read our posting guidelinese to learn what content is prohibited. February 10, PM 0. The complete list of impacted devices is quite extensive, as the bug affects older and newer models, and it includes: iPhone 6s and later, iPad Pro all models , iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch 7th generation Macs running macOS Monterey Although this zero-day was likely only used in targeted attacks, it's still strongly recommended to install the updates as soon as possible to block potential attack attempts.

Third zero-day patched this year by Apple In January, Apple patched two other zero-days exploited in the wild that could allow threat actors to achieve arbitrary code execution with kernel privileges CVE and track browsing activity and users' identities in real-time CVE Sergiu Gatlan Sergiu Gatlan is a reporter who covered cybersecurity, technology, Apple, Google, and a few other topics at Softpedia for more than a decade. Email or Twitter DMs for tips.

Previous Article Next Article. The flaw, which stems from an out-of-bounds write issue, gives hackers the ability to execute malicious code that runs with privileges of the kernel, the most security-sensitive region of the OS. CVE, meanwhile, also results from an out-of-bounds read issue that can lead to the disclosure of kernel memory.

Apple disclosed bare-bones details for the flaws here and here. That being said, it seems likely that these vulnerabilities were found in an active attack that chained the two vulnerabilities together.

The attack could, for example, be done in the form of a watering hole or as part of an exploit kit. CVE could be exploited for initial code to be run. This code could be used to leverage CVE to obtain kernel privileges.

Details can be found on the security content for macOS page. And instructions to apply updates are available on the Apple Security Updates page. Pieter Arntz Malware Intelligence Researcher.

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books. Threat Center. Write for Labs. The patches are available in the macOS Monterey Check out our free upcoming live and on-demand online town halls — unique, dynamic discussions with cybersecurity experts and the Threatpost community. Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

   

 

- Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities



    Apple has released a security update fixing two zero-day common vulnerability and exposures (CVE) that they state are being actively exploited. Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones. For those unfamiliar with the term, a zero-day exploit is basically a newly discovered vulnerability that the fix is still unknown to the.


Comments

Post a Comment