Apple Releases iOS and macOS Updates to Patch Actively Exploited 0-Day Vulnerability
2022-01-26 22:32

Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to execute arbitrary code with kernel privileges.

The iPhone maker said it's "aware of a report that this issue may have been actively exploited," adding it addressed the issue with improved input validation.

CVE-2022-22585 - A path validation issue in iCloud that could be exploited by a rogue application to access a user's files.

CVE-2022-22591 - A memory corruption issue in Intel Graphics Driver that could be abused by a malicious application to execute arbitrary code with kernel privileges.

CVE-2022-22593 - A buffer overflow issue in Kernel that could be abused by a malicious application to execute arbitrary code with kernel privileges.

The updates are available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, iPod touch, and macOS devices running Big Sur, Catalina, and Monterey.


News URL

https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2022-03-18 | CVE-2022-22593 | Classic Buffer Overflow vulnerability in Apple products | A buffer overflow issue was addressed with improved memory handling. | local | low complexity | apple CWE-120 | 7.8 |
| 2022-03-18 | CVE-2022-22591 | Out-of-bounds Write vulnerability in Apple Macos 12.0.0/12.0.1/12.1 | A memory corruption issue was addressed with improved memory handling. | local | low complexity | apple CWE-787 | 7.8 |
| 2022-03-18 | CVE-2022-22587 | Out-of-bounds Write vulnerability in Apple Iphone OS and Macos | A memory corruption issue was addressed with improved input validation. | network | low complexity | apple CWE-787 | 9.8 (critical) |
| 2022-03-18 | CVE-2022-22585 | Link Following vulnerability in Apple products | An issue existed within the path validation logic for symlinks. | network | low complexity | apple CWE-59 | 7.5 |

Related vendor

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Apple | 68 | 212 | 1433 | 2208 | 257 | 4110 |