Google Project Zero researchers have revealed insights into a vulnerability in Apple Safari that has been extensively exploited in the wild. The vulnerability, known as CVE-2022-22620, was first patched in 2013, but experts identified a technique to overcome it in 2016.
Apple has updated a zero-day vulnerability in the WebKit that affects iOS, iPadOS, macOS, and Safari and could have been extensively exploited in the wild, according to CVE org.
In February, Apple patched the zero-day vulnerability; it’s a use-after-free flaw that may be accessed by processing maliciously generated web content, spoofing credentials, and resulting in arbitrary code execution .”When the issue was first discovered in 2013, the version was patched entirely,” Google Project Zero’s Maddie Stone stated. “Three years later, amid substantial restructuring efforts, the variant was reintroduced. The vulnerability remained active for another five years before being addressed as an in-the-wild zero-day in January 2022.”
While the flaws in the History of API bug from 2013 and 2022 are fundamentally the same, the routes to triggering the vulnerability are different.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: