[Security News]Zero-day vulnerability in “macOS” and “iOS” — Risk of code execution when browsing the web (1st page / 1st page in total): Security NEXT

Apple has released security updates for macOS and iOS. It is said that it has addressed the “zero-day vulnerability” that has already been reported to be exploited.

This update resolves “CVE-2022-22620”, which might execute arbitrary code when processing specially crafted web content in “WebKit”. It is said that it is a so-called “Use After Free” vulnerability that uses the memory following release, and there are already reports of exploitation.

The company has released “iOS 15.3.1” and “iPad OS 15.3.1” that fix the vulnerability for the company’s smartphone “iPhone” and tablet terminal “iPad”.

Also, for Mac, the latest OS “macOS Monterey 12.2.1” was released, and “macOS Big Sur” and “macOS Catalina” were fixed by updating “Safari 15.3”. After updating “Safari 15.3”, “macOS Big Sur” will have a build number of “16612.4.9.1.8” and “macOS Catalina” will have a build number of “15612.4.9.1.8”.

(Security NEXT – 2022/02/14 )

Related Links

PR

Related article

SAP releases monthly patch for February-fixes high-value vulnerabilities
Vulnerabilities in “Citrix Hypervisor” and “XenServer” –Hotfix released
MS Releases Monthly Security Patch-Corresponds to 48 Vulnerabilities
Vulnerability in chat function of online conference “Zoom” — risk of receiving “zip bomb attack”
Serious vulnerability in multiple Adobe products such as “Adobe Illustrator”
Vulnerability in multiple routers made by ELECOM-command execution is possible from the development screen
“Firefox 97” released-fixed 12 vulnerabilities
Multiple vulnerabilities in Fortinet WAF “FortiWeb” –fixed by update
Vulnerability in “Insyde H2O UEFI” adopted by major PC makers-Great impact when compromised
Multiple vulnerabilities in Cisco router “RV series” -serious impact such as code execution

Leave a Replay