Apple patches two zero-day bugs that have been used to hack iPhones and Macs

With its most recent software update, Apple addressed two new zero-day security vulnerabilities used in attacks against iPhones, Macs, and iPads.

According to BleepingComputer, the two zero-day security vulnerabilities were resolved with enhanced input validation and memory management in iOS 16.4.1, iPadOS 16.4.1, macOS Sierra 13.3.1, and Safari 16.4.1.

The first security weakness is in IOSurfaceAccelerator and can cause data corruption, a crash, or code execution.

According to the research, successful exploitation allows attackers to execute arbitrary code with kernel privileges on targeted devices by using maliciously crafted software.

The second zero-day is a WebKit vulnerability in which freed memory is reused, permitting data corruption or arbitrary code execution.

An attacker can take advantage of this weakness by convincing targets to load malicious web pages under their control, resulting in code execution on infected systems.

Separately, researchers identified 55 zero-day vulnerabilities exploited by hackers in 2022, with the majority of them targeting Microsoft, Google, and Apple products.

According to a Mandiant report, Microsoft, Google, and Apple products accounted for the majority of zero-day vulnerabilities in 2022, as they have in previous years, and the most exploited product types were operating systems (19), browsers (11), security, IT, and network management products (10), and mobile OS (six).