Apple Fixes Highly Exploitable Zero-day Vulnerability

Apple Patches New Zero-Day Vulnerability That Is Under Active Exploitation


Apple has released the latest version of macOS, “Monterey 12.2”. Along with the new OS version, Apple has also pushed security updates to fix a critical zero-day vulnerability in its products. The security updates released on 26th January 2022 are very important for all users.

Counting by CVE numbers, this update fixes 13 vulnerabilities. It addresses defects that could lead to arbitrary code execution, gaining root privileges, unexpected application termination, bypassing file access restrictions, and more.

Among them, the memory corruption problem (CVE-2022-22587) found in "IOMobileFrameBuffer" seems to have already been exploited in the wild, so immediate action is required. A malicious application is said to be able to execute arbitrary code with kernel privileges, so the update should be applied as soon as possible. This vulnerability has been fixed in iOS 15.3 and iPadOS 15.3.

The complete list of impacted devices includes:

iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, iPod touch (7th generation), and macOS Monterey.

Along with this, Apple also fixed a user data leak bug in Safari, which allowed websites to track users' browsing activity and identities in real time. The bug was discovered by Martin Bajanik of FingerprintJS and was assigned CVE-2022-22594.

In addition, "macOS Big Sur 11.6.3" and "Security Update 2022-001 Catalina" have also been released. Seven vulnerabilities have been fixed in "macOS Big Sur 11.6.3" and five in "Security Update 2022-001 Catalina". Please note that "macOS Big Sur" is affected by "CVE-2022-22587", which has been exploited.
