Apple drops iOS and iPadOS 15.6.1 to fix two exploited zero days

By

Kernel and WebKit bugs abused.

Two new zero-days, or bugs that are being exploited prior to fixes being issued, have been discovered in Apple's iOS and iPadOS mobile operating systems.

Apple drops iOS and iPadOS 15.6.1 to fix two exploited zero days

One affects the iOS/iPadOS kernel and allows applications to run arbitrary code with the highest system privileges.

The bug has been given the Common Vulnerabilities and Exposures index CVE-2022-3284.

A second flaw, CVE-2022-32893, affects the WebKit rendering engine which is used in Apple's Safari browser and iOS/iPadOS apps that display HTML content.

Attackers can abuse the WebKit flaw with maliciously crafted web content to execute arbitrary code.

Both issues were caused by out of bounds write bugs, allowing attackers to inject data before the beginning, or after, a buffer in memory.

Apple said it is aware of both vulnerabilities being exploited, but provided no further details.

There were also patches for two Safari bugs: CVE-2022-32784 was an information leak in Safari Extensions exploitable by a malicious website, while CVE-2022-2294 offered arbitrary code execution via WebRTC.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
appleiosipadossecurity

Sponsored Whitepapers

Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?