Apple fixes ninth zero-day vulnerability used in attacks against iPhones

Share post:

Apple confirmed in an advisory that it has fixed a zero-day vulnerability used in attacks against iPhones. The flaw marks the ninth zero-day bug Apple has fixed in 2022, although the tech giant says the vulnerability “may have been actively exploited.”

Despite confirmation that the vulnerability is being actively exploited, Apple has not yet released any information about the attacks. It is believed that the refusal to disclose details will allow Apple customers to patch their devices before more attackers develop additional exploits and use them in attacks.

The bug in question is an out-of-bounds write issue reported to Apple by an anonymous researcher, caused by software that writes data outside the limits of the current memory buffer.

Successful exploitation can lead to data corruption, application crashes or code execution due to undefined or unexpected results due to subsequent data written to the buffer.

Apple warned that the vulnerability could be exploited in attacks and used by potential attackers to execute arbitrary code with kernel privileges.

Affected are Apple devices from iPhone 8, iPad (all models), iPad Air from the 3rd generation and later, iPad from the 5th generation and later, and iPad mini from the 5th generation and later.

The sources for this piece include an article in BleepingComputer.


Related articles

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Cyber Security Today, June 19, 2024 – How an attacker hid on an IT network for three years

How an attacker hid on an IT network for three years Welcome to Cyber Security Today. It's Wednesday June...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways