New Safari Browser Blocks Zero-day Exploits
Dark web hackers have been obliterating Apple’s tech devices utilizing macOS Big Sur and Catalina. With this newly exploited vulnerability, the Apple tech team created and release a new browser version. The Safari 15.6.1 was recently rolled out by the tech giant to address the critical zero-day flaw, rampantly utilized in hackers’ hijacking campaigns dubbed; Macs in the wild.
According to a report documenting the zero-day bug, the flawed out-of-bounds write vulnerability in the WebKit, shows that hackers were able to execute remote malicious codes on a vulnerable device that utilizes Apple’s previous Safari browser. However, the company revealed that its tech support staff recently plugged the (CVE-2022-32893) vulnerability.
Cyber security analysts have warned that hackers who had access to remotely execute harmful codes on any devices create problems for tech users. Because this gives them the loophole to facilitate more arbitrary code execution, at even later dates.
Apple’s Vulnerable Exploits
Apple had issued a warning to its customers about clicking online content that is maliciously designed by criminal hackers. In recent times, successful arbitrary code executions have become more rampant, with vulnerabilities being actively exploited by numerous dark web hacking groups.
Researchers have reported that when a hacked program is reprogrammed with additional data at the beginning, or end of a script, it creates an out-of-bounds write vulnerability. Thus, victims experienced corrupt data files, and in worst case scenario frequent system crashes.
So far, to solve the remote code execution problem created by threat actors, Apple reported that its team of IT technicians has created protocols that work effectively to improve bounds checking, which ensures that hackers have not added malicious codes to the company’s software scripts.
Hackers Target iPads and iPhones
In addition, Apple released patches for iPads and iPhones, as well as the macOS Monterey that recorded the same zero-day vulnerability.
The actively exploited prior flaws are among the sixth zero-day vulnerability patched by Apple in 2022. Also, Apple fixed two additional zero-day flaws that targeted the AppleAVD and Intel Graphics Driver in March (CVE-2022-22674) (CVE-2022-22675).
In January, Apple further fixed two zero-days that were constantly exploited by hackers in the file (CVE-2022-22587). And two others that let criminal attackers monitor online browsing activity, as reported in file(CVE-2022-22594).
Later in February, Apple published security fixes that addressed a fresh zero-day vulnerability that threat actors used to attack iPhones, iPads, and Macs.