Urgent update for macOS and iOS! Two actively exploited zero-days fixed

Successful exploitation can then lead to complete control of the target system, data destruction, or exfiltration of sensitive information.
The second is CVE The vulnerability could be exploited by a malicious application to execute arbitrary code with the highest privileges by writing data past the end of the intended buffer leading to corruption of data, crashing of the kernel, or code execution within the kernel. Further, we advise users to enable their automatic software updates. Since the start of the year, Apple has seen six zero-day vulnerabilities including the two today.
CVE was a malicious application that was potentially able to execute arbitrary code with kernel privileges. In WebKit, CVE processed maliciously crafted web content that could lead to arbitrary code execution. And finally, there was the AppleAVD vulnerability.
Both vulnerabilities are seeing significant interest by cyber threat researchers and will likely be a target for attackers over the next few days. The race is on to patch and remediate these vulnerabilities within your organization. Automox recommends patching macOS to Monterey The issue tracked as CVE is described by Apple as a use-after-free issue that the company addressed with improved memory management. A third bug patched in the iOS update — a zero-click exploit discovered by Citizen Lab — already made headlines earlier this month when Apple issued a series of emergency patches on Sept.
The vulnerability allows for an attacker to process a maliciously crafted PDF that may lead to arbitrary code execution.
It could allow remote attackers to trick users into running arbitrary commands.
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
Two Apple zero day vulnerabilities discovered – users must take action
The zero-days would be the sixth and seventh vulnerabilities disclosed by Apple this year. The company reported 17 zero-days in Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS, and macOS devices. Apple this week released.