Security News > 2022 > March > Apple patches 87 security holes – from iPhones and Macs to Windows

The latest raft of non-emergency Apple security updates are out, patching a total of 87 different CVE-rated software bugs across all Apple products and plaforms.

With 87 noteworthy bugs in the mix, there are plenty of security issues to choose from, including several that are listed with a warning that the bug might "Lead to arbitrary code execution", or even that it might be exploitable "To execute arbitrary code with kernel privileges".

Three remote code execution bugs are listed in WebKit, the HTML rendering code that underlies all of Apple's own web browsing code, including Safari, and that underlies all web browsing on App Store programs.

There's a similar and equally alarming set of bugs in the document, audio and video viewing components on iPhones and iPads.

If a moderately dangerous remote code execution bug is combined with an EoP, short for elevation-of-privilege exploit, then the attacker's remotely triggered malware code may be able not only to get in, but also to move around, effectively evading the "Each-app-is-cloistered-in-its-own-little-world" sandbox protection usually imposed by the operating system.

Note that there's also an update for iTunes on Windows that closes a number of remote code execution bugs, including not only the abovementioned WebKit holes, but also various related image-handling bugs that could allow a booby-trapped file to take over your computer even if all you did was look at it.

News URL

https://nakedsecurity.sophos.com/2022/03/15/apple-patches-87-security-holes-from-iphones-and-macs-to-windows/