Apple fixes 2 zero-day bugs exploited to hack iPhones, Macs
San Francisco: Apple has fixed two new zero-day security vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads, in its latest software update.
According to BleepingComputer, the two zero-day security vulnerabilities were addressed in iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1 with improved input validation and memory management.
The first security flaw is an IOSurfaceAccelerator that could lead to the corruption of data, a crash, or code execution.
Successful exploitation enables attackers to execute arbitrary code with kernel privileges on targeted devices by using a maliciously crafted app, said the report.
The second zero-day vulnerability is a WebKit that allows data corruption or arbitrary code execution when freed memory is reused.
An attacker can exploit this flaw by tricking targets into loading malicious web pages under their control, resulting in code execution on compromised systems.
Meanwhile, researchers have tracked 55 zero-day vulnerabilities that were exploited in 2022 by the hackers, mostly targeting Microsoft, Google and Apple products.
According to information security company Mandiant report, products of Microsoft, Google and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with the previous years, and the most exploited product types were operating systems (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (six).