Apple Patches Zero-Day Vulnerability That Could Let iPhones, iPads, and MacBooks Get Hacked
The first zero-day vulnerability is tracked under the code CVE-2022-22587. This is a memory corruption bug in IOMobileFrameBuffer that affects iOS, iPadOS, and macOS Monterey.
When successfully exploiting this vulnerability, an attacker can execute arbitrary code with kernet privileges on the victim's device.
"Apple has received notice that this vulnerability is being actively exploited by hackers," Apple said.
Below is a list of devices affected by CVE-2022-22587:
- iPhone 6s and up
- iPad Pro (all models)
- iPad 5th generation or later
- iPad mini 4 or later and iPod touch (7th generation)
- Devices running macOS Monterey
The vulnerability was found by an anonymous security researcher, MBition - Mercedes-Benz Innovation Lab researcher Meysam Firouzi and researcher Siddharth Aeri.
Both Firouzi and Aeri shared that they found this vulnerability based on independent research, not knowing that hackers are actively exploiting it.
The second zero-day vulnerability is a Safari WebKit bug in iOS and iPadOS that allows websites to track a user's surfing activity and a user's identity in real time.
The vulnerability was reported to Apple by Martin Bajanik of FingerprintJS on November 28, 2021 and made public on January 14, 2022. After the researcher revealed it, it was assigned the code CVE-2022-22594 and patched in the newly released iOS 15.3 and iPadOS 15.3 update.
These are the first zero-day vulnerabilities to be patched by Apple in 2022.
You should read it
- Apple patched many zero-day bugs in iOS 15.4.1 and macOS 12.3.1 updates
- Apple releases iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3 updates that patch the critical zero-day vulnerability
- Detected critical zero-day vulnerability on Adobe Reader
- Microsoft updated Patch Tuesday in October 2020, patching the 'Ping of Death' vulnerability on Windows 10
- Intel will stop releasing patches for the Specter v2 security hole on some older CPUs
- Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
- Lenovo updates BIOS to patch security holes for hundreds of device models
- Microsoft silently patched the KRACK WPA2 security hole
- Patches of dangerous vulnerabilities being exploited by hackers contain dangerous holes and then continue to be exploited by hackers
- Detected extremely serious vulnerability in Hikvision security cameras
- Microsoft urges Admin to patch PowerShell vulnerability on Windows
- Apple released a patch to fix security holes on Mac OS X
Maybe you are interested
There is a serious security vulnerability that has existed for 18 years in AMD processors, but it is not too worrying
A dangerous vulnerability that has existed for 18 years threatens millions of AMD Ryzen and EPYC CPUs
Google Workspace security vulnerability caused thousands of user accounts to be attacked
Thousands of iOS apps could be at risk because of an open source vulnerability
Serious vulnerability in OpenSSH threatens millions of servers
Google releases emergency update to patch Chrome vulnerability