Security News > 2022 > January > Apple fixes new zero-day exploited to hack macOS, iOS devices

Apple fixes new zero-day exploited to hack macOS, iOS devices
2022-01-26 19:39

Apple has released security updates to fix two zero-day vulnerabilities, with one publicly disclosed and the other exploited in the wild by attackers to hack into iPhones and Macs.

The first zero-day patched today [1, 2] is a memory corruption bug in the IOMobileFrameBuffer that affects iOS, iPadOS, and macOS Monterey.

The second zero-day is a Safari WebKit bug in iOS and iPadOS that allowed websites to track your browsing activity and users' identities in real-time.

After the researcher disclosed the bug, it was assigned the CVE-2022-22594 and fixed in today's iOS 15.3 and iPadOS 15.3 security update.

These bugs are the first zero-day vulnerabilities fixed by Apple in 2022.

Apple fixed what felt like a never-ending stream of zero-day bugs in 2021 that were used in attacks against iOS and macOS devices.


News URL

https://www.bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-exploited-to-hack-macos-ios-devices/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-03-18 CVE-2022-22594 Origin Validation Error vulnerability in Apple products
A cross-origin issue in the IndexDB API was addressed with improved input validation.
network
low complexity
apple CWE-346
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349