{"id":49425,"date":"2022-08-18T20:36:44","date_gmt":"2022-08-18T20:36:44","guid":{"rendered":"https:\/\/harchi90.com\/apple-patches-double-zero-day-in-browser-and-kernel-update-now-naked-security\/"},"modified":"2022-08-18T20:36:44","modified_gmt":"2022-08-18T20:36:44","slug":"apple-patches-double-zero-day-in-browser-and-kernel-update-now-naked-security","status":"publish","type":"post","link":"https:\/\/harchi90.com\/apple-patches-double-zero-day-in-browser-and-kernel-update-now-naked-security\/","title":{"rendered":"Apple patches double zero-day in browser and kernel \u2013 update now!  \u2013 Naked Security"},"content":{"rendered":"<div>\n<p>Apple just pushed out an emergency update for two zero-day bugs that are apparently <em>actively being exploited<\/em>.<\/p>\n<p>There&#8217;s a remote code execution hole (RCE) dubbed <strong>CVE-2022-32893<\/strong> in Apple&#8217;s HTML rendering software (WebKit), by means of which a booby trapped web page can trick iPhones, iPads and Macs into running unauthorised and untrusted software code.<\/p>\n<p>Simply put, a cybercriminal could implant malware on your device even if all you did was to view an otherwise innocent web page.<\/p>\n<p>Remember that WebKit is the part of Apple&#8217;s browser engine that sits underneath absolutely all web rendering software on Apple&#8217;s mobile devices.<\/p>\n<p>Macs can run versions of Chrome, Chromium, Edge, Firefox and other \u201cnon-Safari\u201d browsers with alternative HTML and JavaScript engines (Chromium, for example, uses <em>Blink<\/em> and <em>V8<\/em>;  Firefox is based on <em>gecko<\/em> and <em>rhino<\/em>).<\/p>\n<p>But on iOS and iPadOS, Apple&#8217;s App Store rules insist that any software that offers any sort of web browsing functionality <em>must be based on WebKit<\/em>including browsers such as Chrome, Firefox and Edge that don&#8217;t rely on Apple&#8217;s browsing code on any other plaforms where you might use them.<\/p>\n<p>Additionally, any Mac and iDevice apps with popup windows such as <em>Help<\/em> or <em>About<\/em> screens use HTML as their \u201cdisplay language\u201d \u2013 a programmatic convenience that is understandably popular with developers.<\/p>\n<p>Apps that do this almost certainly use Apple&#8217;s <em>WebView<\/em> system functions, and WebView is based <em>directly on top of WebKit<\/em>so it is therefore affected by any vulnerabilities in WebKit.<\/p>\n<p>the <strong>CVE-2022-32893<\/strong> vulnerability therefore potentially affects many more apps and system components than just Apple&#8217;s own Safari browser, so simply steering clear of Safari can&#8217;t be considered a workaround, even on Macs where non-WebKit browsers are allowed.<\/p>\n<aside id=\"sophos_ad-3\" class=\"widget sophos-inline-ad sophos_widget_ad\">\n<style\/>\n<\/aside>\n<h2>Then there&#8217;s a second zero-day<\/h2>\n<p>There&#8217;s also a kernel code execution hole dubbed <strong>CVE-2022-32894<\/strong>by which an attacker who has already gained a basic foothold on your Apple device by exploiting the abovementioned WebKit bug\u2026<\/p>\n<p>\u2026could jump from controlling just a single app on your device to taking over the operating system kernel itself, thus acquiring the sort of \u201cadmininstrative superpowers\u201d \u200b\u200bnormally reserved for Apple itself.<\/p>\n<p>This almost certainly means that the attacker could:<\/p>\n<ul>\n<li><strong>Spy on any and all apps currently running<\/strong>\n<\/li>\n<li><strong>Download and start additional apps without going through the App Store<\/strong>\n<\/li>\n<li><strong>Access almost all data on the device<\/strong>\n<\/li>\n<li><strong>Change system security settings<\/strong>\n<\/li>\n<li><strong>Retrieve your location<\/strong>\n<\/li>\n<li><strong>Take screenshots<\/strong>\n<\/li>\n<li><strong>Use the cameras in the device<\/strong>\n<\/li>\n<li><strong>Activate the microphone<\/strong>\n<\/li>\n<li><strong>Copy text messages<\/strong>\n<\/li>\n<li><strong>Track your browsing\u2026<\/strong>\n<\/li>\n<\/ul>\n<p>\u2026and much more.<\/p>\n<p>Apple hasn&#8217;t said how these bugs were found (other than to credit <em>\u201can anonymous researcher\u201d<\/em>), hasn&#8217;t said where in the world they&#8217;ve been exploited, and hasn&#8217;t said who&#8217;s using them or for what purpose.<\/p>\n<p>Loosely speaking, however, a working WebKit RCE followed by a working kernel exploit, as seen here, typically provides all the functionality needed to <em>mount a device jailbreak<\/em> (therefore deliberately bypassing almost all Apple-imposed security restrictions), or to <em>install background spyware<\/em> and keep you under comprehensive surveillance.<\/p>\n<h2>What to do?<\/h2>\n<p>Patch at once!<\/p>\n<p>At the time of writing, Apple has published advisories for iPad OS 15 and iOS 15, which both get updated version numbers of <strong>15.6.1<\/strong>and for macOS Monterey 12, which gets an updated version number of <strong>12.5.1<\/strong>.<\/p>\n<p>The older supported versions of macOS (Big Sur and Catalina) haven&#8217;t yet received kernel-level patches, so the operating systems themselves haven&#8217;t been updated.<\/p>\n<p>But there&#8217;s a standalone Safari update, taking you to <strong>Safari 15.6.1<\/strong>that you need to get if you&#8217;re still running macOS 10 Big Sur or macOS 11 Catalina.<\/p>\n<ul>\n<li><strong>On your iPhone or iPad:<\/strong> <em>Settings<\/em> > <em>General<\/em> > <em>Software Update<\/em>\n<\/li>\n<li><strong>On your Mac:<\/strong> <em>apple menu<\/em> > <em>About this Mac<\/em> > <em>Software Update\u2026<\/em>\n<\/li>\n<\/ul>\n<p>There&#8217;s also an update that takes watchOS to version <strong>8.7.1<\/strong>but that update doesn&#8217;t list any CVE numbers, and doesn&#8217;t have a security advisory of its own.<\/p>\n<p>There&#8217;s no word yest on whether tvOS is immune, or is vulnerable but has not yet been patched.<\/p>\n<p>For further information, watch this space, and keep your eyes on Apple&#8217;s official Security Bulletin portal page, HT201222.<\/p>\n<\/p><\/div>\n<p>    .<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple just pushed out an emergency update for two zero-day bugs that are apparently actively being exploited. There&#8217;s a remote code execution hole (RCE) dubbed CVE-2022-32893 in Apple&#8217;s HTML rendering software (WebKit), by means of which a booby trapped web page can trick iPhones, iPads and Macs into running unauthorised and untrusted software code. Simply &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/harchi90.com\/apple-patches-double-zero-day-in-browser-and-kernel-update-now-naked-security\/\"> <span class=\"screen-reader-text\">Apple patches double zero-day in browser and kernel \u2013 update now!  \u2013 Naked Security<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[2302,18974,18975,3138,15725,18976,14675,4838,18973,16959,4092],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":48459,"url":"https:\/\/harchi90.com\/new-macos-12-5-1-and-ios-15-6-1-updates-patch-actively-exploited-vulnerabilities\/","url_meta":{"origin":49425,"position":0},"title":"New macOS 12.5.1 and iOS 15.6.1 updates patch \u201cactively exploited\u201d vulnerabilities","date":"August 17, 2022","format":false,"excerpt":"Apple has released a trio of operating system updates to patch security vulnerabilities that it says \"may have been actively exploited.\" The macOS 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 updates are available for download now and should be installed as soon as possible. The three updates all fix the same\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":48540,"url":"https:\/\/harchi90.com\/ios-15-6-1-update-now-warning-issued-to-all-iphone-users\/","url_meta":{"origin":49425,"position":1},"title":"iOS 15.6.1\u2014Update Now Warning Issued To All iPhone Users","date":"August 18, 2022","format":false,"excerpt":"Apple has released iOS 15.6.1, along with a warning to update now, because it fixes two security holes already being used to attack iPhones. The first issue fixed in iOS 15.6.1 is a vulnerability in the iPhone Kernel tracked as CVE-2022-32894 that could allow an application to execute code with\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":52431,"url":"https:\/\/harchi90.com\/google-confirms-chrome-zero-day-5-as-cve-2022-2856-attacks-begin\/","url_meta":{"origin":49425,"position":2},"title":"Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin","date":"August 22, 2022","format":false,"excerpt":"August 20 Update below. This post was originally published on August 18 If you are a Chrome browser user, be that in Windows, Mac, or Linux flavor, Google has some bad news for you. Attackers are already exploiting a high-impact security vulnerability that could lead to them gaining control of\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":19862,"url":"https:\/\/harchi90.com\/experts-uncover-new-cloudmensis-spyware-targeting-apple-macos-users-the-hacker-news\/","url_meta":{"origin":49425,"position":3},"title":"Experts Uncover New CloudMensis Spyware Targeting Apple macOS Users \u2014 The Hacker News","date":"July 20, 2022","format":false,"excerpt":"Cybersecurity researchers have taken the wraps off a previously undocumented spyware targeting the Apple macOS operating system. The malware, codenamed CloudMensis by Slovak cybersecurity firm ESET, is said to exclusively use public cloud storage services such as pCloud, Yandex Disk, and Dropbox for receiving attacker commands and exfiltrating files. \"Its\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEgvfqow2z1XORevUpzKGWWXZ2DP4dMaNi-7cycpa3J_bSZKv0tO6MP40HLl7lvVJDIswOmb6I-YoNMLJym4v9oLZQczujsMqcttB3M_Cvm6E-zLs0XrpwaTZ_SGFjckDfi3CPfijZaii8Z88_btcKeHKKfxm7cDyF3kaVvsirGpb2JWVH0Ot3xGiC2sZg\/s1600\/strike-728.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":34262,"url":"https:\/\/harchi90.com\/vmware-releases-patches-for-several-new-flaws-affecting-multiple-products\/","url_meta":{"origin":49425,"position":4},"title":"VMware Releases Patches for Several New Flaws Affecting Multiple Products","date":"August 3, 2022","format":false,"excerpt":"Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues, tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8), impact VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager,\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEgvfqow2z1XORevUpzKGWWXZ2DP4dMaNi-7cycpa3J_bSZKv0tO6MP40HLl7lvVJDIswOmb6I-YoNMLJym4v9oLZQczujsMqcttB3M_Cvm6E-zLs0XrpwaTZ_SGFjckDfi3CPfijZaii8Z88_btcKeHKKfxm7cDyF3kaVvsirGpb2JWVH0Ot3xGiC2sZg\/s1600\/strike-728.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"fifu_image_url":"https:\/\/nakedsecurity.sophos.com\/wp-content\/uploads\/sites\/2\/2022\/01\/apple-1200.png?w=775","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/49425"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=49425"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/49425\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=49425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=49425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=49425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}