Apple Patches Two Exploited Vulnerabilities
Apple fixed two vulnerabilities that are, according to Apple, already being exploited. The WebKit vulnerability could be used by a malicious website to execute arbitrary code, while the Kernel issue can then be used to escalate privileges. No additional details are known at this point.
MacOS Monterey | iOS/iPadOS | ||||||
---|---|---|---|---|---|---|---|
CVE-2022-32894 [important] Kernel An out-of-bounds write issue was addressed with improved bounds checking. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. |
|||||||
x | x | ||||||
WebKit Bugzilla [critical] WebKit An out-of-bounds write issue was addressed with improved bounds checking. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
|||||||
x | x |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
×
Diary Archives
Comments