Read Time:1 Minute, 55 Second

Apple released two patches for its operating systems today, macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1. Both patches address two previously unknown vulnerabilities that could allow hackers to remotely take control of devices running those versions of the software.

A zero-day exploit is a cyberattack that aims to use a software flaw that antivirus companies or software developers are unaware of. An attacker finds a security flaw before anyone else quickly creates an exploitable version of the program and then uses it to hack into computers that haven’t been updated. Because there are no effective countermeasures against these attacks, they’re highly likely to succeed. Zero-day attacks pose a severe security risk.

The first vulnerability, identified as CVE-2022-32894, affects all three operating systems. This flaw is an out-of-bounds write vulnerability in the operating system’s kernel.

In macOS, iPadOS, and iOS, the kernel—a software that functions as the foundational element of an operating system—has the most significant level of access.

This flaw allows a program, such as malicious software, to run commands with kernel privileges. At the highest privilege level, a process would have full authority over the device at this level and could execute any control on it.

CVE-2022-32893, the second zero-day flaw, is an out-of-bounds write spot in WebKit, the web browser engine used by Safari and other web-accessible apps.

According to Apple, an attacker might execute arbitrary code thanks to this issue, which could be remotely abused by visiting a website that has been specially built to harm.

Unnamed researchers discovered the issues, and Apple patched them in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1 with improved bounds checking.

We create Apple products with your privacy and information control in mind. Sometimes it isn’t straightforward. However, at Apple, we support that particular type of innovation. It is our goal to make people safer through technology,” Apple promised.

Thus, Apple strives to improve their system, especially in fighting against hacking and viruses, to ensure privacy protection and customer satisfaction while using its products. Although likely, what only employed these zero-day vulnerabilities in focused attacks is strongly urged to immediately install the security updates from today.

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %
google Previous post Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin
Apple has released its Safari 15.6.1 Next post Update Your iPhone, Mac, or iPad Now to Fix Zero-Day Exploit