Article 5XQNS Apple rushes out patches for two 0-days threatening iOS and macOS users

Apple rushes out patches for two 0-days threatening iOS and macOS users

by
Dan Goodin
from Ars Technica - All content on (#5XQNS)
apple-threats-800x548.jpeg

Enlarge (credit: Getty Images)

Apple on Thursday released fixes for two critical zero-day vulnerabilities in iPhones, iPads, and Macs that give hackers dangerous access to the internals of the OSes the devices run on.

Apple credited an anonymous researcher with discovering both vulnerabilities. The first vulnerability, CVE-2022-22675, resides in macOS for Monterey and in iOS or iPadOS for most iPhone and iPad models. The flaw, which stems from an out-of-bounds write issue, gives hackers the ability to execute malicious code that runs with privileges of the kernel, the most security-sensitive region of the OS. CVE-2022-22674, meanwhile, also results from an out-of-bounds read issue that can lead to the disclosure of kernel memory.

Apple disclosed bare-bones details for the flaws here and here. Apple is aware of a report that this issue may have been actively exploited," the company wrote of both vulnerabilities.

Read 3 remaining paragraphs | Comments

index?i=e_lAfJBqIuU:U861S2fjsj8:V_sGLiPB index?i=e_lAfJBqIuU:U861S2fjsj8:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments