Security News > 2022 > January > Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild
Apple on Wednesday released 13 patches for serious security bugs in macOS and 10 for flaws in iOS/iPadOS. They include fixes for two zero-day bugs, one of which may have been exploited by attackers in the wild.
The first zero-day is a memory-corruption issue that could be exploited by a malicious app to execute arbitrary code with kernel privileges.
The update is available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch.
"Often, these types of bugs are used with significant ill intent or by governments engaged in human-rights abuses," Bambenek said via email.
"Unfortunately, we will likely see more of these bugs as the year goes on."
iOS 15.3 also brought fixes for security issues that could lead to apps gaining root privileges, the ability to execute arbitrary code with kernel privileges, and the ability for apps to get at user files through iCloud.
News URL
https://threatpost.com/apple-zero-day-security-exploited/178040/
Related news
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)