Apple Products Remote Code Execution Vulnerability

Release Date: 11 Feb 2022 6102 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - Mac OS

TYPE: Mac OS

A vulnerability was identified in Apple Products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

This vulnerability is being triggered due to a use-after-free error when processing HTML content in WebKit. The attacker can exploit this vulnerability by luring users to visit a specially crafted web page. Once the users open the malicious web page, an attacker can remotely execute malicious code on the targeted system.

 

HKCERT is aware of this vulnerability has been reported publicly that it is being exploited in the wild, and encourages users and administrators to review the security update pages for the affected products and apply the related updates as soon as possible.

 

Note:
CVE-2022-22620 is being exploited in the wild.

Impact

  • Remote Code Execution

System / Technologies affected

  • Versions prior to iOS 15.3.1
  • Versions prior to iPadOS 15.3.1
  • Versions prior to macOS Monterey 12.2.1
  • Versions prior to Safari 15.3

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 
Apply fixes issued by the vendor:
 
  • iOS 15.3.1
  • iPadOS 15.3.1
  • macOS Monterey 12.2.1
  • Safari 15.3

Vulnerability Identifier

Source

Related Link

Related Tags

AppleRemote Code ExecutionExploit In The Wild

Share with

Previous

Linux Kernel Multiple Vulnerabilities

10 Feb 2022 4677 Views

Next

SUSE Linux Kernel Multiple Vulnerabilities

14 Feb 2022 4983 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY