{"id":18139,"date":"2022-02-02T11:11:30","date_gmt":"2022-02-02T19:11:30","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/02\/02\/news-11872\/"},"modified":"2022-02-02T11:11:30","modified_gmt":"2022-02-02T19:11:30","slug":"news-11872","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/02\/02\/news-11872\/","title":{"rendered":"Update now! Apple patches another actively used zero-day"},"content":{"rendered":"

Credit to Author: Pieter Arntz| Date: Thu, 27 Jan 2022 21:56:12 +0000<\/strong><\/p>\n

Apple has released patches for iOS 15.3, iPadOS 15.3, and macOS Monterey 12.2 and is urging users to update. The most significant reasons are two actively exploited zero-day vulnerabilities, one of which has a publicly disclosed Proof-of-Concept (PoC).<\/p>\n

Using this vulnerability, designated CVE-2022-22587<\/a>, a malicious app could execute random code with kernel privileges.<\/p>\n

Why did it take so long<\/h2>\n

The zero-day appears to have been found and reported by at least two researchers independently of each other. Apple acknowledged an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition \u2013 Mercedes-Benz Innovation Lab, and Siddharth Aeri (@b1n4r1b01) for having reported this flaw.<\/p>\n

The two researchers both stated that it took a long time for this bug to be acknowledged and fixed. One of them posted a Proof-of-Concept (PoC) on January 1st.<\/p>\n

\n
\n
\n

while my californian friends are still waiting for 2022 how about a kernel oob read that works on the latest iOS 15.2 \"\ud83d\ude42\" https:\/\/t.co\/qo0WLLsQIV<\/a> https:\/\/t.co\/HZA0y5Sghi<\/a><\/p>\n

— binaryboy (@b1n4r1b01) January 1, 2022<\/a><\/p><\/blockquote>\n