- By Ashish Singh
- Mon, 10 Apr 2023 05:34 PM (IST)
- Source: JND
Apple, a California-based technology company known for its strict and secure user interface and even stricter policies, has now fixed two new zero-day security vulnerabilities which could have been exploited in attacks by hackers. According to a report, the two zero-day security vulnerabilities were addressed in iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1 with improved input validation and memory management.
Here are the two security flaws which could have led to data corruption or arbitrary code execution:
1. IOSurfaceAccelerator:
The first security flaw, according to the report, was in IOSurfaceAccelerator and could lead to data corruption, a crash, or code execution. Successful exploitation allows attackers to execute arbitrary code with kernel privileges on targeted devices by using a maliciously crafted app.
2. WebKit:
The second zero-day vulnerability was a WebKit flaw that permits data corruption or arbitrary code execution when freed memory is reused (a use-after-free). By tricking targets into loading malicious web pages under their control, an attacker can take advantage of this flaw and execute code on infected systems.
In the meantime, researchers have identified 55 zero-day flaws that hackers exploited in 2022, primarily targeting Apple, Google, and Microsoft products. As in previous years, Microsoft, Google, and Apple's products accounted for the majority of zero-day vulnerabilities in 2022, according to a report from information security company Mandiant. The most exploited product types were operating systems (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (six).
Meanwhile, Apple is all set to introduce next-generation software, including iOS 17, at the upcoming Worldwide Developers Conference 2023, which will start on 5 June 2023 and end on 9 June 2023.
(With Agency Inputs)
