Apple have released a fix for the first two zero-day vulnerabilities of 2022 - Affecting MacOS, iOS

Description

Apple releases security update to fix two zero-day vulnerabilities. Successful exploitation of this bug leads to arbitrary code execution with kernel privileges on compromised devices. The first zero-day is a memory corruption issue and the second is a Safari Web-kit issue!

Affected Products:

• iPhone 6s and later

• iPad Pro

• iPad Air 2 and later

• iPad 5th generation and later

• iPad mini 4 and later

• iPod touch (7th generation)
  

Notable Vulnerabilities:

• CVE-2022-22584-Processing a maliciously crafted file may lead to arbitrary code execution

• CVE-2022-22594-A website may be able to track sensitive user information

• CVE-2022-22587-A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

• CVE-2022-22579-Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution

• CVE-2022-22589- Processing a maliciously crafted mail message may lead to running arbitrary JavaScript

• CVE-2022-22590-Processing maliciously crafted web content may lead to arbitrary code execution

• CVE-2022-22592-Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Recommendations

Workaround:

It is recommended to update apple devices to their latest available version.

Reference

• https://support.apple.com/en-us/HT213053

• https://securityaffairs.co/wordpress/127240/hacking/apple-fixed-two-zero-day-2022.html