Apple Patched Two Zero-Day Bugs And Other Flaws With iOS 15.3, Safari 15.3

Heads up, iPhone users! Apple has just rolled out its first major updates of 2022. With iOS 15.3 and Safari 15.3, Apple fixed numerous vulnerabilities, including two zero-day bugs.

Apple iOS 15.3 Addresses Two Zero-Day Bugs

According to its advisory, Apple has just patched two serious zero-day bugs affecting iOS devices.

Specifically, the first of these is a memory corruption flaw in the IOMobileFrameBuffer component. Exploiting this vulnerability (CVE-2022-22587) could allow an attacker to use a maliciously crafted app to execute arbitrary code on the target device with kernel privileges.

As mentioned in the advisory, Apple fixed the flaw by improving input validation. The tech giant also acknowledged multiple researchers for reporting the same vulnerability.

Alongside this patch, Apple also addressed other serious vulnerabilities, such as a memory corruption issue in ColorSync (CVE-2022-22584), a buffer overflow (CVE-2022-22593) in the Linux Kernel, and a use-after-free (CVE-2022-22590) in WebKit, all of which would allow arbitrary code execution.

In all, Apple patched ten security flaws with iOS 15.3 and iPadOS 15.3. These updates are available for iPhone 6s and later, iPad Air 2 and later, iPad Pro (all models), iPad 5th gen and later, iPad mini 4 and later, and iPod touch (7th gen).

The second zero-day vulnerability existed in the Apple Safari web browser. Describing it (CVE-2022-22594) in a separate advisory, Apple stated that a cross-origin issue in the IndexedDB API could allow tracking users’ data. The tech giant fixed this vulnerability with improved input validation.

This is seemingly the same vulnerability that FingerprintJS researchers disclosed earlier this month.

Alongside this flaw, Apple patched three other WebKit vulnerabilities with the same release.

The Safari 15.3 update is available for macOS Big Sur and macOS Catalina devices.

Since the updates are out, users should update their devices with the latest fixes to avoid exploitation.