Frame-14

Privacy Ninja

Apple Releases Safari 15.6.1 to Fix Zero-day Bug Used in Attacks

Apple Releases Safari 15.6.1 to Fix Zero-day Bug Used in Attacks

Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs.

The zero-day patched today (CVE-2022-32893) is an out-of-bounds write issue in WebKit that could allow a threat actor to execute code remotely on a vulnerable device.

Also Read: 6 common phishing attack examples and how to protect against them

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” warns Apple in a security bulletin released today.

An out-of-bounds write vulnerability is when an attacker can supply input to a program that causes it to write data past the end or before the beginning of a memory buffer.

Also Read: Guarding against common types of data breaches in Singapore

This causes the program to crash, corrupt data, or in the worst-case scenario, remote code execution. Apple says they fixed the bug through improved bounds checking.

Apple says the vulnerability was disclosed by a researcher who wishes to remain anonymous.

This zero-day vulnerability is the same one that was patched by Apple yesterday for macOS Monterey and iPhone/iPads.

Apple has not provided details on how the vulnerability is being used in attacks other than saying that it “may have been actively exploited.”

This is the seventh zero-day vulnerability fixed by Apple in 2022, with the previous bugs outlined below:

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us