AMKIO

AMKIO

Del

CVE - CVE-2022-32893 19/08/2022

A set of critical Arbitrary-remote-code-ex*****on exploits for Apple devices, new and old, macOS, iPadOS and iOS, have been uncovered by Apple. Find mitigation and explanation below 👇🏼

Information from Apple regarding the 2 CVE’s:
WebKit: https://support.apple.com/en-us/HT213414

macOS: https://support.apple.com/en-us/HT213413

iOS and iPadOS: https://support.apple.com/en-us/HT213412

The following is an excerpt from Malwarebytes, article: https://www.malwarebytes.com/blog/news/2022/08/urgent-update-for-macos-and-ios-two-actively-exploited-zero-days-fixed

Excerpt:
—————————————————
Kernel privileges:
CVE-2022-32894: An out-of-bounds write issue was addressed with improved bounds checking. The vulnerability could allow an application to execute arbitrary code with kernel privileges. The kernel privileges are the highest possible privileges, so an attacker could take complete control of a vulnerable system by exploiting this vulnerability.

Apple points out that they are aware of a report that this issue may have been actively exploited.

WebKit exploit:
CVE-2022-32893: An out-of-bounds write issue was addressed with improved bounds checking. Processing maliciously crafted web content may lead to arbitrary code ex*****on. An attacker could lure a potential victim to a specially crafted website or use malvertising to compromise a vulnerable system by exploiting this vulnerability. Since the vulnerability exists in Apple’s HTML rendering software (WebKit). WebKit powers all iOS web browsers and Safari, so possible targets are iPhones, iPads, and Macs which could all be tricked into running unauthorized code.

Apple points out that they are aware of a report that this issue may have been actively exploited.
—————————————————

Mitigate by updating all devices to:
iOS 15.6.1+
iPadOS 15.6.1+
macOS Monterey 12.5.1+

CVE’s can be found here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32894

And

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32893

CVE - CVE-2022-32893 The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

Vil du plassere din virksomhed på toppen av Computer Og Elektronik Service-listen i Aarhus?
Klik her for at gøre krav på din sponsorerede post.

Telefon

Internet side

Adresse


Mariane Thomsens Gade 4b, 4. Sal
Aarhus
8000

Hvad er åbningstiderne?

Mandag 07:00 - 17:00
Tirsdag 07:00 - 17:00
Onsdag 07:00 - 17:00
Torsdag 07:00 - 17:00
Fredag 07:00 - 17:00