Apple patched a high-severity zero-day vulnerability that allows attackers to remotely execute malicious code that runs with the highest privileges inside the operating system of fully up-to-date phones and tablets.
Apple said in an advisory that the vulnerability may have been actively exploited. An out-of-bounds write is the cause of the memory corruption flaw. Such vulnerabilities can be exploited by hackers so that they can cause an OS to execute.
Apple did not say who reported the vulnerability.
Apple fixed seven zero-days in the first seven months of the year, not including the one that was included in the spreadsheet. There is an Apple zero-day total of eight for the year. Bleeping Computer said that Apple has fixed nine zero-days in the last ten months.
Zero-days are vulnerabilities that are discovered and exploited before a patch can be released to fix them. A single zero-day can sell for a million dollars. To protect their investment, attackers who have access to zero-days typically work for nation-states or other organizations with deep pockets. The value of the exploit plummets once the vendor learns of the zero-day.
Most people won't be targeted by this vulnerability. Now that a patch is available, other attackers will be able to reverse engineer it to create their own exploits. Affected users should make sure they are running the latest version of the operating system for their device.
The updates fix two vulnerabilities in the kernel, three in Point-to-Point Protocol, two in WebKit, and one in Apple MobileFileIntegrity.
The post was updated to say "rushes out" instead of "releases" in the headline.