Apple drops iOS and iPadOS 15.6.1 to fix two exploited zero days

By

Kernel and WebKit bugs abused.

Two new zero-days, or bugs that are being exploited prior to fixes being issued, have been discovered in Apple's iOS and iPadOS mobile operating systems.

Apple drops iOS and iPadOS 15.6.1 to fix two exploited zero days

One affects the iOS/iPadOS kernel and allows applications to run arbitrary code with the highest system privileges.

The bug has been given the Common Vulnerabilities and Exposures index CVE-2022-3284.

A second flaw, CVE-2022-32893, affects the WebKit rendering engine which is used in Apple's Safari browser and iOS/iPadOS apps that display HTML content.

Attackers can abuse the WebKit flaw with maliciously crafted web content to execute arbitrary code.

Both issues were caused by out of bounds write bugs, allowing attackers to inject data before the beginning, or after, a buffer in memory.

Apple said it is aware of both vulnerabilities being exploited, but provided no further details.

There were also patches for two Safari bugs: CVE-2022-32784 was an information leak in Safari Extensions exploitable by a malicious website, while CVE-2022-2294 offered arbitrary code execution via WebRTC.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Researchers demo AI-crippling GPUHammer attack

Researchers demo AI-crippling GPUHammer attack

Qantas obtains court order to prevent third-party access to stolen data

Qantas obtains court order to prevent third-party access to stolen data

Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks

Log In

  |  Forgot your password?