Security News > 2022 > January > Apple fixes new zero-day exploited to hack macOS, iOS devices
Apple has released security updates to fix two zero-day vulnerabilities, with one publicly disclosed and the other exploited in the wild by attackers to hack into iPhones and Macs.
The first zero-day patched today [1, 2] is a memory corruption bug in the IOMobileFrameBuffer that affects iOS, iPadOS, and macOS Monterey.
The second zero-day is a Safari WebKit bug in iOS and iPadOS that allowed websites to track your browsing activity and users' identities in real-time.
After the researcher disclosed the bug, it was assigned the CVE-2022-22594 and fixed in today's iOS 15.3 and iPadOS 15.3 security update.
These bugs are the first zero-day vulnerabilities fixed by Apple in 2022.
Apple fixed what felt like a never-ending stream of zero-day bugs in 2021 that were used in attacks against iOS and macOS devices.
News URL
Related news
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-18 | CVE-2022-22594 | Origin Validation Error vulnerability in Apple products A cross-origin issue in the IndexDB API was addressed with improved input validation. | 6.5 |