Posted on 02/11/2022 5:20:38 PM PST by bitt
Apple’s struggles with zero-day attacks on its iOS and macOS platforms are showing no signs of slowing down.
For the second time in as many months, Cupertino released iOS, iPadOS and macOS updates to address a critical WebKit security defect (CVE-2022-22620) that exposes Apple devices to remote code execution attacks.
“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” the company said in a barebones advisory.
As is customary, Apple did not provide details on the scope of the attack, the platform being targeted, or any indicators of compromise to help defenders look for signs of infections.
The WebKit flaw, fixed in iOS 15.3.1, iPadOS 15.3.1 and macOS Monterey 12.2.1, is a use-after-free memory corruption issue that was reported by an anonymous researcher. Apple said the WebKit code was cleaned up with improved memory management.
This is the second “actively exploited” zero-day fixed by Apple in the first two months of 2022. Late last month, the company used the same language in the disclosure of zero-day exploits hitting a memory corruption issue in IOMobileFrameBuffer, an oft-targeted iOS kernel extension.
Earlier this week, Malware hunters at Microsoft called attention to a nasty macOS malware family that has evolved quickly from a basic information-gathering trojan to a stealthy backdoor with more powerful capabilities.
(Excerpt) Read more at securityweek.com ...
p
Thanks for the heads up!
Downloading on my iPhone……………….
you forgot swordmaker? :-)
Just completed updating my iPhone and iPad, no problems, pretty quick overall.
What about MacOS machines? I have a variety from Mojave to Catalina to Monterey -- which ones are vulnerable, and which ones have fixes available? All the articles I find talk about the mobiles but not the Macs.
he’s in my ping list!
Oh, good -- in that case I retract my "you forgot", and instead thank you for including him. :-)
until you hear other wise assume they are all vulnerable.
Well, yeah. Problem is the older OSes on older hardware that are no longer maintained. Might be looking at having to replace the computer, which is an "update" I don't want to have to think about at the moment...
an “update” I don’t want to have to think about at the moment...
—
I know the feeling - when FF stopped working on critical sites along with Quicken, I knew the day was upon me.
I checked out the best deals I could find for used/refurbished boxes with OWC and Apple for the least money that would work for some more years.
OWC has a macMini (late 2014), supported for $169
Mac Book Air, 2015, Supported for $409
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.