Apple has released version 15.6.1 of its Safari web browser for macOS Big Sur and Catalina to address an actively exploited zero-day Mac vulnerability.
The flaw is an out-of-bounds (OOB) write vulnerability in WebKit that could let perpetrators execute arbitrary code remotely on compromised devices.
“Processing maliciously crafted web content may lead to arbitrary code execution,” reads Apple’s security advisory. “Apple is aware of a report that this issue may have been actively exploited.”
Attackers could exploit OOB write vulnerabilities by writing data outside the memory buffer’s bounds (past the end or before the beginning). Doing so could lead to data corruption and crashes, or it could let the attacker execute code remotely.
Tracked as CVE-2022-32893, the vulnerability was submitted by an anonymous researcher, but no further details are available. According to Apple, the company “doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”
Apple patched the OOB write zero-day flaw earlier this week for macOS Monterey, iPhones and iPads. The company addressed two OOB vulnerabilities in its latest security update rollout:
- CVE-2022-32894 – a zero-day flaw that could allow perpetrators to perform arbitrary code execution remotely with kernel privileges
- CVE-2022-32893 – a vulnerability that could be exploited remotely by leading victims to websites hosting malicious content
To protect against these shortcomings, macOS and iOS users should update their operating systems to the latest version. The company has fixed both vulnerabilities by improving its bounds-checking mechanism.
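The out-of-bounds write described above (before the beginning or past the end of a buffer) and the kind of bounds check that prevents it, as an added C example. It is not Apple's or WebKit's code, since no details of the actual flaw are public; the `span_t` type, the function names and the guarded test buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for this example; not taken from WebKit or any Apple code. */
typedef struct { uint8_t *data; size_t len; } span_t;
typedef enum { W_OK = 0, W_BEFORE_START, W_PAST_END, W_BAD_ARG } wstatus;

/* Unchecked form, shown for contrast and never called here: it trusts the
 * caller's offset and length, so either one can move the write outside data[]. */
void write_unchecked(span_t *s, int64_t off, const void *src, size_t n) {
    memcpy(s->data + off, src, n);
}

/* Checked form: rejects a write that starts before the buffer or ends past it. */
wstatus write_checked(span_t *s, int64_t off, const void *src, size_t n) {
    if (!s || !s->data || !src) return W_BAD_ARG;
    if (off < 0) return W_BEFORE_START;
    if ((uint64_t)off > s->len) return W_PAST_END;
    /* Compare n with the space left; off + n is never computed because it can wrap. */
    if (n > s->len - (size_t)off) return W_PAST_END;
    memcpy(s->data + (size_t)off, src, n);
    return W_OK;
}

/* Constructed harness: a 16-byte buffer with an 8-byte guard zone on each side. */
enum { GUARD = 8, BUF = 16 };
static uint8_t arena[GUARD + BUF + GUARD];

/* Attempts one checked write; returns its status, or -1 if a guard byte changed. */
int try_write(int64_t off, size_t n) {
    uint8_t payload[BUF];
    span_t s = { arena + GUARD, BUF };
    memset(payload, 0x41, sizeof payload);
    memset(arena, 0xAA, sizeof arena);
    int st = write_checked(&s, off, payload, n);
    for (size_t i = 0; i < GUARD; i++)
        if (arena[i] != 0xAA || arena[GUARD + BUF + i] != 0xAA) return -1;
    return st;
}

int main(void) {
    printf("in bounds: %d\n", try_write(0, BUF));
    printf("before start: %d\n", try_write(-1, 1));
    printf("past end: %d\n", try_write(10, 7));
    printf("wrapping length: %d\n", try_write(8, SIZE_MAX));
    return 0;
}
```

The last case is the one a naive `off + n <= len` check misses: the sum wraps around to a small number and the oversized write would be accepted.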
Apple includes the “most up-to-date” version of Safari in its latest macOS, iOS, and iPadOS releases. Mac, iPhone and iPad users can get the latest version of Apple’s web browser by keeping their devices’ operating systems up to date.
Specialized software solutions such as Bitdefender Ultimate Security can shield your devices against cyberthreats with features like:
- Cross-platform, multi-device malware detection and protection
- Anti-phishing module
- Adware blocker
- Automatic protection against harmful web content
- Extensive backup module to protect against ransomware attacks