Apple Vulnerabilities added to CISA Catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) released an advisory about a security update from Apple Inc. According to the advisory, the update addresses the vulnerability in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). The vulnerabilities were reported by an anonymous researcher.

The vulnerability, tracked as CVE-2022-32893, is an out-of-bounds write issue that was addressed with improved bounds checking. Threat actors exploit it through maliciously crafted web content, which leads to arbitrary code execution; successful exploitation gives them control over the affected device.

There have also been reports of more Apple vulnerabilities. These flaws could allow an attacker to gain access to the targeted system with elevated privileges, run arbitrary code, reveal confidential data, and bypass security measures.

The root causes of these problems are: a logic issue in the Safari Extensions, ATS, Maps, PackageKit, and Shortcuts components; a buffer overflow, an out-of-bounds read, and a UI handling issue in the WebKit component; a memory handling issue in the Kernel component; a memory corruption issue in the MediaLibrary component; and an issue with how checks are handled in the Contacts component. By convincing the victim to open a specially crafted file or application, a remote attacker may be able to take advantage of these vulnerabilities.

Affected Products: Safari, macOS, iOS, iPadOS

CVE: CVE-2022-32917, CVE-2022-32912, CVE-2022-32911, CVE-2022-32908, CVE-2022-32902, CVE-2022-32900, CVE-2022-32896, CVE-2022-32894, CVE-2022-32891, CVE-2022-32886, CVE-2022-32883, CVE-2022-32872, CVE-2022-32868, CVE-2022-32864, CVE-2022-32854, CVE-2022-32795

It’s recommended to apply the security patches and updates provided by Apple as soon as possible to mitigate potential risks.

Sources

https://www.cisa.gov/uscert/ncas/current-activity/2022/09/14/cisa-adds-two-known-exploited-vulnerabilities-catalog

https://support.apple.com/en-us/HT213428

https://www.cisa.gov/uscert/ncas/current-activity/2022/09/01/apple-releases-security-updates-multiple-products
