Apple Patches Actively Exploited Zero-day Vulnerability in iOS and iPadOS (CVE-2022-42856)

Apple has released an update to address an actively exploited zero-day vulnerability in WebKit. Tracked as CVE-2022-42856, this is a type confusion vulnerability that could allow arbitrary code execution on a vulnerable device. Clément Lecigne of Google’s Threat Analysis Group discovered this vulnerability. The advisory says, “This issue may have been actively exploited …

Apple Releases Security Updates to patch two Zero-Day Vulnerabilities (CVE-2022-32893 and CVE-2022-32894)

Apple has rolled out emergency security updates to patch two zero-day vulnerabilities known to be exploited to hack iPhones, iPads and Macs. The two zero-days are being tracked as CVE-2022-32893 and CVE-2022-32894. The vulnerabilities are known to affect all iPhones, iPads and macOS. CVE-2022-32893 is an out-of-bounds vulnerability that might lead to arbitrary code …

Apple Releases Emergency Updates for Two Zero-Day Vulnerabilities (CVE-2022-22674 & CVE-2022-22675)

Apple has released security updates to patch two zero-day vulnerabilities (CVE-2022-22674 and CVE-2022-22675) exploited by attackers to hack iPhones, iPads, and Macs. Apple revealed active exploitation in the wild but did not provide any other information about the attacks. Withholding this information should allow security patches to reach as many iPhones, iPads, and Macs …

Apple releases security updates to fix severe vulnerabilities including two zero-day exploits

Apple has released a security update to address various previously exploited vulnerabilities, including one exploited in the wild. The security update covers serious security bugs in macOS and iOS/iPadOS. The first zero-day (CVE-2022-22587) is a memory corruption flaw that a malicious app might use to run arbitrary code with kernel privileges. The vulnerability affects …

New Apple Safari 15 vulnerability allows cross-site tracking of users’ data

A software flaw in Apple Safari 15’s implementation of the IndexedDB API could be used by a malicious website to track users’ online activities and, worse, expose their identities. IndexedDB is a low-level JavaScript API, supplied by web browsers, for maintaining NoSQL databases of structured data items such as files and blobs. …

Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)

On Monday, Apple released an iPhone security update to fix a major vulnerability that is being exploited in the wild. With the latest patch, the corporation has now resolved a total of 17 zero-days in 2021 – a new high. The vulnerability CVE-2021-30883 involves a memory corruption flaw in the IOMobileFrameBuffer component. This flaw allows an application to run arbitrary …

Apple Arbitrary Code Injection Vulnerability (CVE-2021-30869)

Apple provided security fixes to address a zero-day vulnerability on Thursday. Attackers have used it in the wild to break into iPhones and Macs running older versions of iOS and macOS. Apple has also provided patches for a previously patched security flaw exploited by NSO Group’s Pegasus surveillance tool to target iPhone users. CVE-2021-30869 is a zero-day vulnerability. This is a type-confusion hole in Apple’s …

Apple Zero-Day Arbitrary Code Execution Vulnerabilities (CVE-2021-30858 and CVE-2021-30860)

Apple released an emergency security release on September 13, 2021 to address two arbitrary code execution vulnerabilities, CVE-2021-30858 and CVE-2021-30860. According to Apple, both vulnerabilities allow maliciously crafted documents to execute arbitrary code on vulnerable devices. Apple addressed the issue saying, “Apple is aware of a report that this issue may have been actively exploited.” …

Apple Wireless Direct Link (AWDL) Denial of Service vulnerability (CVE-2020-3843)

Overview: Apple Wireless Direct Link (AWDL), the wireless protocol that ensures uninterrupted communications among various Apple devices globally, was recently affected by a trivial bug resulting in a buffer overflow via kernel memory corruption in the Wi-Fi driver of AWDL. Ian Beer, a Google Project Zero researcher, detailed that this vulnerability was exploitable on various iPhones and other iOS devices until May 2020. …

Kr00k Wi-Fi Vulnerability (CVE-2019-15126)

Summary: In the last week of February 2020, after MSPT, a serious vulnerability in Wi-Fi chips, formally known as CVE-2019-15126 and well known in the wild as Kr00k, was disclosed. Kr00k was a hot topic of discussion at RSA Conference 2020. Description: What is Kr00k? Kr00k is a vulnerability of the wireless egress packet implementation and processing of certain …