On Wednesday, Apple rolled out software fixes for iOS, iPadOS, macOS, tvOS and watchOS to address some of the security flaws affecting its platforms.
This includes at least 37 vulnerabilities covering various components in iOS and macOS, ranging from privilege escalation to arbitrary code execution, and from information disclosure to denial of service (DoS).
Chief among them is CVE-2022-2294, a memory corruption bug in the WebRTC component that Google disclosed earlier this month as being exploited in real-world attacks against users of the Chrome browser. However, there is no evidence of in-the-wild exploitation of the vulnerability targeting iOS, macOS, and Safari.
In addition to CVE-2022-2294, the updates also address a number of arbitrary code execution bugs affecting the Apple Neural Engine (CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), Audio (CVE-2022-32820), GPU Driver (CVE-2022-32821), ImageIO (CVE-2022-32802), IOMobileFrameBuffer (CVE-2022-26768), Kernel (CVE-2022-32813 and CVE-2022-32815) and WebKit (CVE-2022-32792).
Also patched are a pointer validation bypass affecting the Kernel (CVE-2022-32844), a DoS bug in the ImageIO component (CVE-2022-32785), and two privilege escalation bugs in AppleMobileFileIntegrity and File System Events (CVE-2022-32819 and CVE-2022-32826).
Furthermore, the latest version of macOS addresses five security vulnerabilities in the SMB module that could be exploited by a malicious application to gain elevated privileges, leak sensitive information, and execute arbitrary code with kernel privileges.
Apple device users are advised to update to iOS 15.6, iPadOS 15.6, macOS (Monterey 12.5, Big Sur 11.6.8 and 2022-005 Catalina), tvOS 15.6, and watchOS 8.7 to get the latest security protections.