Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild

iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild.

Apple on Wednesday released 13 patches for serious security bugs in macOS and 10 for flaws in iOS/iPadOS. They include fixes for two zero-day bugs, one of which may have been exploited by attackers in the wild.

The first zero-day (CVE-2022-22587) is a memory-corruption issue that could be exploited by a malicious app to execute arbitrary code with kernel privileges. The bug specifically exists in the IOMobileFrameBuffer – a kernel extension that allows developers to control how a device’s memory handles the screen display, aka a framebuffer. It affects iOS, iPadOS and macOS Monterey, and Apple addressed it with improved input validation.

Apple also said it’s aware of a report that indicates it may have been actively exploited in the wild.

The update is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Data-Exposing Apple Safari Bug Squashed

Also out is a fix for a second zero day:

Read More: https://threatpost.com/apple-zero-day-security-exploited/178040/