Apple Patches Zero-Day Vulnerability That Could Let iPhones, iPads, and MacBooks Get Hacked

Apple patched many zero-day bugs in iOS 15.4.1 and macOS 12.3.1 updates
Apple releases iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3 updates that patch the critical zero-day vulnerability

The first zero-day vulnerability is tracked under the code CVE-2022-22587. This is a memory corruption bug in IOMobileFrameBuffer that affects iOS, iPadOS, and macOS Monterey.

When successfully exploiting this vulnerability, an attacker can execute arbitrary code with kernet privileges on the victim's device.

"Apple has received notice that this vulnerability is being actively exploited by hackers," Apple said.

Below is a list of devices affected by CVE-2022-22587:

iPhone 6s and up
iPad Pro (all models)
iPad 5th generation or later
iPad mini 4 or later and iPod touch (7th generation)
Devices running macOS Monterey

The vulnerability was found by an anonymous security researcher, MBition - Mercedes-Benz Innovation Lab researcher Meysam Firouzi and researcher Siddharth Aeri.

Both Firouzi and Aeri shared that they found this vulnerability based on independent research, not knowing that hackers are actively exploiting it.

Apple Patches Zero-Day Vulnerability That Could Let iPhones, iPads, and MacBooks Get Hacked Picture 1

The second zero-day vulnerability is a Safari WebKit bug in iOS and iPadOS that allows websites to track a user's surfing activity and a user's identity in real time.

The vulnerability was reported to Apple by Martin Bajanik of FingerprintJS on November 28, 2021 and made public on January 14, 2022. After the researcher revealed it, it was assigned the code CVE-2022-22594 and patched in the newly released iOS 15.3 and iPadOS 15.3 update.

These are the first zero-day vulnerabilities to be patched by Apple in 2022.

ios vulnerability zero-day

Micah Soto

Update 27 January 2022

You should read it

May be interested

Some Samsung devices experience email, VPN errors due to missing Microsoft Intune certificates
microsoft just said that some samsung devices that have signed up for microsoft intune with a work account will experience email and vpn connection problems after upgrading to android 12. the cause of the problem is a lack of certificates.
Close-up of Microsoft's canceled Andromeda operating system running on Lumia 950
andromeda was a hybrid project between the andromeda operating system and a dual-screen device, but in the end, microsoft switched to android for the surface duo.
Many iPhone 13 have a 'pink screen' error, Apple thinks it's not a hardware error
but users will still be able to renew their device if restoring or updating the software doesn't fix the problem.
How to connect phone to computer easily for iPhone and Android
instructions on how to connect your phone to your computer very easily for both android and iphone models. please refer to the article for immediate information!
iPhone 13 has the background noise cancellation feature removed when making phone calls
many users think that a certain software bug caused the iphone 13 to lose its noise cancellation feature. however, apple confirmed that the iphone 13 does not have this feature.
Apple releases iOS 15.2.1 and iPadOS 15.2.1 updates, fixing a lot of important bugs
- on january 13, apple released a new update for its iphone and ipad devices. this ios 15.2.1 update fixes some important bugs.