Home / About / Threat Intelligence / Memory Corruption Zero-Day Patched by Apple

Overview

Apple has released security updates to fix two zero-day vulnerabilities. One which was publicly disclosed, and the other was discovered being exploited in the wild.

One vulnerability relates to a memory corruption bug in the IOMobileFrameBuffer that affects iOS, iPadOS, and macOS Monterey, while the second is a real-time tracking vulnerability in the Safari WebKit on iOS and iPadOS.

Impact

Successful exploitation of this bug leads to arbitrary code execution with kernel privileges on compromised devices. The second zero-day vulnerability is a Safari WebKit bug in iOS and iPadOS that allows websites to track your browsing activity and users’ identities in real-time.

Products Affected

– iPhone 6s and later
– iPad Pro (all models)
– iPad Air 2 and later
– iPad 5th generation and later
– iPad mini 4 and later
– iPod touch (7th generation)
– macOS Monterey

Containment, Mitigations & Remediation

Apply updates on relevant devices shown in affected products.

Indicators of Compromise

There are currently no IOCs

Threat Landscape

These bugs are the first zero-day vulnerabilities fixed by Apple in 2022.

Apple device users appear to be vulnerable to a significant browser privacy flaw. According to 9to5Mac, FingerprintJS has disclosed an exploit that lets attackers obtain your recent browser history, and even some Google account info. iOS and macOS users should apply the updates to mitigate this Safari vulnerability as soon as they can.

Mitre Methodologies

T1055.009 – Process Injection: Proc Memory
DS0008 – Kernel
T1176 – Browser Extensions

Further Information

Safari exploit can leak browser histories and Google account info
Apple fixes array of iOS, macOS zero-days and code execution security flaws