Apple’s Latest Safari Release 15.6.1 Addresses Actively Exploited Zero-Day Flaw
August 19, 2022
Apple has released version 15.6.1 of its Safari web browser for macOS Big Sur and Catalina to address an actively exploited zero-day Mac vulnerability.
The flaw is an out-of-bounds (OOB) write WebKit exploit that could let perpetrators execute remote arbitrary code on compromised devices.
“Processing maliciously crafted web content may lead to arbitrary code execution,” reads Apple’s security advisory. “Apple is aware of a report that this issue may have been actively exploited.”
Attackers could exploit OOB write vulnerabilities by writing data outside the memory buffer's bounds (past the end or before the beginning). Doing so could lead to data corruption and crashes, or it could let the attacker execute code remotely.
Tracked as CVE-2022-32893, the vulnerability was submitted by an anonymous researcher, but no further details are available. According to Apple, the company “doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”
Apple patched the OOB write zero-day flaw earlier this week for macOS Monterey, iPhones and iPads. The company addressed two OOB vulnerabilities in its latest security update rollout:
- CVE-2022-32894–a zero-day flaw that could allow perpetrators to perform arbitrary code execution remotely with kernel privileges
- CVE-2022-32893 – a vulnerability that could be exploited remotely by leading victims to websites hosting malicious content
To protect against these shortcomings, macOS and iOS users should update their operating systems to the latest version. The company has fixed both vulnerabilities by improving its bound-checking mechanism.
Apple includes the “most up-to-date” version of Safari in its latest macOS, iOS, and iPadOS releases. Mac, iPhone and iPad users can get the latest version of Apple’s web browser by keeping their devices’ operating systems up to date.
Specialized software solutions such as Bitdefender Ultimate Security can shield your devices against cyberthreats with features like:
- Cross-platform, multi-device malware detection and protection
- Anti-phishing module
- Adware blocker
- Automatic protection against harmful web content
- Extensive backup module to protect against ransomware attacks
tags
Author
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsRight now Top posts
Torrents with Pirated TV Shows Used to Push Lumma Stealer Malware
November 14, 2024
What Key Cyberthreats Do Small Businesses Face?
September 06, 2024
FOLLOW US ON SOCIAL MEDIA
You might also like
Bookmarks
