Apple’s New Flaws – A Safari of Vulnerabilities
Android and Apple users can’t seem to catch a break when it comes to security threats. It’s either Google Play hosting malicious apps or Apple vulnerabilities that can be actively exploited by attackers. Yes, Apple is having a tough 2022 with more than 10 bugs. And now, we’re adding two.
The flaws affect iOS, iPadOS, and macOS Monterey. Each time such vulnerabilities are in place, cybercriminals try to take advantage and infiltrate the bugged device.
So, how can they do so with these two flaws? What does the update issued by Apple include? If you use an iPhone 8 or later, make sure to give this article a thorough read.
Apple Vulnerabilities – Different Flaws, Same Risk
Apple products are very popular around the world. In fact, Mac devices alone have more than 100 million active users, which only means one thing: An exploited vulnerability can do a lot of damage.
Apple users are no strangers to such flaws, as this year has been full of them. We can’t forget the Shrootless vulnerability on Mac that allowed attackers to take full control of a system and run any type of arbitrary code.
This year, Apple disclosed more than 9 vulnerabilities. Now, two more have seen the light and they’re as dangerous as their predecessors.
The flaws exist within the devices’ WebKit – the engine used to power Safari and other apps, as well as the kernel. In other words, WebKit acts as the core of the OS itself.
Each of these vulnerabilities has its own effect if exploited. The first one (CVE-2022-40303) can be used for arbitrary code execution. The second one (CVE-2022-40304) also allows code execution but uses a malicious application, i.e., full access to the device.
Here’s what Apple had to say about the two vulnerabilities:
- libxml2
  - Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  - Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
  - Description: An integer overflow was addressed through improved input validation.
  - CVE-2022-40303: Maddie Stone of Google Project Zero
- libxml2
  - Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  - Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
  - Description: This issue was addressed with improved checks.
  - CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero
Apple has since fixed these flaws with a new update. Everybody using an iOS device with these flaws should install this update immediately.
Two New Vulnerabilities – Bugs By the Dozen
Apple doesn’t normally disclose vulnerabilities, but instant updates show how much it cares about its users’ online security.
The year 2022 has been full of bugs and vulnerabilities within Apple devices. However, we don’t know yet if any malicious entity has exploited the new ones. Update your devices now; you don’t want to end up as a target for cybercriminals.