RiSec 26 January 2022
Apple has released security updates to patch two zero-day vulnerabilities, with one publicly disclosed and the other exploited in the wild by attackers to hack into iPhones and Macs. The first zero-day patched today (tracked as CVE-2022-22587) [1, 2] is a memory corruption bug in the IOMobileFrameBuffer that affects iOS, iPadOS, and macOS Monterey. Successful exploitation of this bug leads to arbitrary code execution with kernel privileges on compromised devices. “Apple is aware of a report that this issue may have been actively exploited,” Apple said when describing the zero-day...