Apple has released version 15.6.1 of its Safari web browser for macOS Big Sur and Catalina to address an actively exploited zero-day Mac vulnerability.
The flaw is an out-of-bounds (OOB) write WebKit exploit that could let perpetrators execute remote arbitrary code on compromised devices.
“Processing maliciously crafted web content may lead to arbitrary code execution,” reads Apple’s security advisory. “Apple is aware of a report that this issue may have been actively exploited.”
Attackers could exploit OOB write vulnerabilities by writing data outside the memory buffer's bounds (past the end or before the beginning). Doing so could lead to data corruption and crashes, or it could let the attacker execute code remotely.
Tracked as CVE-2022-32893, the vulnerability was submitted by an anonymous researcher, but no further details are available. According to Apple, the company “doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”
Apple patched the OOB write zero-day flaw earlier this week for macOS Monterey, iPhones and iPads. The company addressed two OOB vulnerabilities in its latest security update rollout:
To protect against these shortcomings, macOS and iOS users should update their operating systems to the latest version. The company has fixed both vulnerabilities by improving its bound-checking mechanism.
Apple includes the “most up-to-date” version of Safari in its latest macOS, iOS, and iPadOS releases. Mac, iPhone and iPad users can get the latest version of Apple’s web browser by keeping their devices’ operating systems up to date.
Specialized software solutions such as Bitdefender Ultimate Security can shield your devices against cyberthreats with features like:
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsDecember 27, 2024
December 24, 2024
December 19, 2024