Apple zero day threat
Urgent update for macOS and iOS! Two actively exploited zero-days fixed
Posted: August 18, by Pieter Arntz. Pierluigi Paganini.
Two Apple zero day vulnerabilities discovered – users must take action
A memory issue affects myriad iPhone, iPad and macOS devices and allows attackers to execute arbitrary code after processing malicious web content. Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors already are actively exploiting to compromise iPhones, iPads and macOS devices.
The zero-day, tracked as CVE, is a Use-After-Free issue, which is related to incorrect use of dynamic memory during program operation. The flaw also can lead to unexpected OS crashes. These types of errors typically have two common and sometimes overlapping causes: error conditions and other exceptional circumstances, and confusion over which part of the program is responsible for freeing the memory, according to the post.
In the case of CVE, the memory in question is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. Apple released separate security updates for its products to address the issue — macOS Monterey Both updates improve how the OSes manage memory.
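The reuse pattern described above (memory freed, handed to a new allocation, then reached again through the original pointer) can be reproduced without undefined behaviour in a toy slot pool. This is an added example, not code from WebKit, Apple or the original article; the pool, the handle type and the generation counter are hypothetical, and the generation check is one generic mitigation, not a description of Apple's fix.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOTS 4
/* Toy pool with generation-tagged handles; all names are illustrative. */
typedef struct { uint32_t index, gen; } handle_t;
static uint8_t  pool[SLOTS][32];
static uint32_t slot_gen[SLOTS];   /* bumped on every free */
static int      slot_used[SLOTS];

static handle_t pool_alloc(void) {
    for (uint32_t i = 0; i < SLOTS; i++)
        if (!slot_used[i]) {
            slot_used[i] = 1;
            return (handle_t){ i, slot_gen[i] };
        }
    return (handle_t){ UINT32_MAX, 0 };   /* pool exhausted */
}

static void pool_free(handle_t h) {
    if (h.index < SLOTS && slot_used[h.index] && slot_gen[h.index] == h.gen) {
        slot_used[h.index] = 0;
        slot_gen[h.index]++;   /* invalidates every outstanding handle */
    }
}

/* Unchecked lookup: behaves like a raw pointer kept after free. */
static uint8_t *pool_raw(handle_t h) {
    return h.index < SLOTS ? pool[h.index] : NULL;
}

/* Checked lookup: a stale handle resolves to NULL instead of aliasing. */
static uint8_t *pool_get(handle_t h) {
    if (h.index >= SLOTS || !slot_used[h.index] || slot_gen[h.index] != h.gen)
        return NULL;
    return pool[h.index];
}

/* Returns 1 when the stale handle aliases the new object and the check rejects it. */
static int demo(void) {
    handle_t old = pool_alloc();     /* object A */
    pool_free(old);                  /* A freed; 'old' now dangles */
    handle_t fresh = pool_alloc();   /* object B reuses A's slot */
    int aliased  = pool_raw(old) == pool_get(fresh);   /* stale use lands in B */
    int rejected = pool_get(old) == NULL;              /* generation mismatch */
    return aliased && rejected;
}

int main(void) { printf("aliased and rejected: %d\n", demo()); return 0; }
```

The same generation comparison in `pool_free` also makes a second free of a stale handle a no-op.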
The flaw affects numerous Apple devices, including iPhone 6s and later; all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch 7th generation.
It also affects desktops and notebooks running macOS Monterey. The update is the second time this year that Apple has had to issue a patch for a zero day. Attackers could exploit the bug using a malicious app to execute arbitrary code with kernel privileges. The information-disclosure issue affects browsers for macOS, iOS and iPadOS and allows a snooping website to find out information about other tabs a user might have open.
Author: Elizabeth Montalbano. February 11.