My next class:

Apple Patches Two Exploited Vulnerabilities

Published: 2022-08-17. Last Updated: 2022-08-17 21:03:07 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Apple fixed two vulnerabilities that are, according to Apple, already being exploited. The WebKit vulnerability could be used by a malicious website to execute arbitrary code, while the Kernel issue can then be used to escalate privileges. No additional details are known at this point.

 

MacOS Monterey iOS/iPadOS
CVE-2022-32894 [important] Kernel
An out-of-bounds write issue was addressed with improved bounds checking.
An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
x x
WebKit Bugzilla [critical] WebKit
An out-of-bounds write issue was addressed with improved bounds checking.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
x x

 

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

Keywords: 0day apple webkit
0 comment(s)
My next class:

Comments


Diary Archives