18 August 2022

Apple, Google release security updates to fix zero-days in Chrome, iOS, macOS


Apple, Google release security updates to fix zero-days in Chrome, iOS, macOS

Apple has issued security updates to address two zero-day vulnerabilities, which the tech giant says may have been exploited in the wild.

The zero-days in question are tracked as CVE-2022-32894 and CVE-2022-32893, and both have been described as an out-of-bounds write issue. The CVE-2022-32894 vulnerability exists due to a boundary error within the OS kernel component and allows arbitrary code execution with kernel privileges.

CVE-2022-32893 affects the WebKit component and could be abused for arbitrary code execution via a specially crafted website. Both bugs have been fixed with the release of macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1.

In related news, Google has rolled out the Chrome 104 security update to fix over 10 security vulnerabilities, including a zero-day flaw being actively exploited in cyberattacks.

Tracked as CVE-2022-2856, the issue exists due to improper input validation in Intents component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.

Neither Apple, nor Google provided technical details regarding hacker attacks that exploited the above mentioned zero-day vulnerabilities.

Back to the list

Latest Posts

Cyber security week in review: September 23, 2022

Cyber security week in review: September 23, 2022

The world in brief: Cryptomarket maker Wintermute robbed of $160M in a hack, old Python bug potentially affects 350,000 open-source projects, and more.
23 September 2022
Unpatched 15-year-old Python vulnerability puts at risk over 350,000 open-source projects

Unpatched 15-year-old Python vulnerability puts at risk over 350,000 open-source projects

The vulnerable Python tarfile module is found extensively in frameworks created by Netflix, AWS, Intel, Facebook, Google and other software.
22 September 2022
Malicious actors continue to abuse Google Tag Manager tool to install e-skimmers

Malicious actors continue to abuse Google Tag Manager tool to install e-skimmers

The researchers said they discovered three variants of malicious scripts hidden within GTM containers that function either as e-skimmers or as downloaders for installing e-skimmers.
21 September 2022