Security News > 2022 > November > Emergency code execution patch from Apple – but not an 0-day

Emergency code execution patch from Apple – but not an 0-day
2022-11-10 20:49

No sooner had we stopped to catch our breath after reviewing the latest 62 patches dropped by Microsoft on Patch Tuesday.

Neither bug is reported with Apple's typical zero-day wording along the lines that the company "Is aware of a report that this issue may have been actively exploited", so there's no suggestion that these bugs are zero-days, at least inside Apple's ecosystem.

With just two bugs fixed, just two weeks after Apple's last tranche of patches, perhaps Apple thought these holes were ripe for exploitation and thus pushed out what is essentially a one-bug patch, given that these holes showed up in the same software component?

Perhaps Apple felt that these bugs were too broadly dangerous to leave unpatched for long?

More dramatically, perhaps Apple concluded that the way Google found these bugs was sufficiently obvious that someone else might easily stumble upon them, perhaps without even really meaning to, and begin using them for bad?

If Apple follows up these patches with related updates to any of its other products, we'll let you know.


News URL

https://nakedsecurity.sophos.com/2022/11/10/emergency-code-execution-patch-from-apple-but-not-an-0-day/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349