Message-ID:

6 May, 2024: The networking issue during the past two days has been identified and may be fixed. Will keep monitoring.

computers / comp.sys.mac.system / Two more zero-day exploits in the wild give hackers full control over iOS, iPadOS and macOS

Two more zero-day exploits in the wild give hackers full control over iOS, iPadOS and macOS

<tdng20$2r0kc$1@paganini.bofh.team>

copy mid

https://www.novabbs.com/computers/article-flat.php?id=14850&group=comp.sys.mac.system#14850

copy link Newsgroups: comp.sys.mac.system

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: newskr...@krawl.org (NewsKrawler)
Newsgroups: comp.sys.mac.system
Subject: Two more zero-day exploits in the wild give hackers full control over iOS, iPadOS and macOS
Date: Fri, 19 Aug 2022 08:02:09 -0000 (UTC)
Organization: To protect and to server
Message-ID: <tdng20$2r0kc$1@paganini.bofh.team>
Injection-Date: Fri, 19 Aug 2022 08:02:09 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="2982540"; posting-host="5IFKlfXIIF692ushLKoxOA.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team";
X-Notice: Filtered by postfilter v. 0.9.1

by: NewsKrawler - Fri, 19 Aug 2022 08:02 UTC

https://www.helpnetsecurity.com/2022/08/18/cve-2022-32894-cve-2022-32893-cve-2022-2856/
Apple fixes exploited zero-days

Apple has released security updates for iOS, iPadOS, and macOS Monterey to
fix CVE-2022-32894 and CVE-2022-32893, two code execution vulnerabilities
exploited by attackers in the wild.

CVE-2022-32894 is out-of-bounds write issue in the operating systems'
kernel that can be exploited by a malicious application to execute
arbitrary code with kernel privileges (and take control over the entire
system)

CVE-2022-32893 is out-of-bounds write issue in WebKit - Apple's browser
engine that powers its Safari web browser and all iOS web browsers - that
can be triggered by the processing of maliciously crafted web content. It,
as well, can lead to arbitrary code execution.

All users should implement the updates as soon as possible, by upgrading to
iOS 15.6.1
iPadOS 15.6.
macOS 12.5.1

A researcher found the exploits and told Apple about them.

Re: Two more zero-day exploits in the wild give hackers full control over iOS, iPadOS and macOS

<tdnh67$35a1$1@solani.org>

copy mid

https://www.novabbs.com/computers/article-flat.php?id=14851&group=comp.sys.mac.system#14851

copy link Newsgroups: comp.sys.mac.system

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: hugyb...@gmx.ch (Joerg Lorenz)
Newsgroups: comp.sys.mac.system
Subject: Re: Two more zero-day exploits in the wild give hackers full control
over iOS, iPadOS and macOS
Date: Fri, 19 Aug 2022 10:21:27 +0200
Message-ID: <tdnh67$35a1$1@solani.org>
References: <tdng20$2r0kc$1@paganini.bofh.team>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 19 Aug 2022 08:21:27 -0000 (UTC)
Injection-Info: solani.org;
logging-data="103745"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.11.0
Cancel-Lock: sha1:vaQ5MlztRe0mzFnH3sjaKtszoVU=
In-Reply-To: <tdng20$2r0kc$1@paganini.bofh.team>
X-User-ID: eJwFwQkBwDAIA0BL5QkEOdAO/xJ2BwuJmx4Ix2I5nWalNx+V7jbpIopv2TU2pwfkvjpIdvgPDAIQgQ==
Content-Language: de-CH

by: Joerg Lorenz - Fri, 19 Aug 2022 08:21 UTC

Subject	Author
Two more zero-day exploits in the wild give hackers full control over iOS, iPadO	NewsKrawler
Re: Two more zero-day exploits in the wild give hackers full control	Joerg Lorenz