With the latest fix, Apple has closed out eight actively exploited zero-day flaws and one publicly known zero-day vulnerability since the start of the year:
- CVE-2022-22587 (IOMobileFrameBuffer) – A malicious application may be able to execute arbitrary code with kernel privileges
- CVE-2022-22594 (WebKit Storage) – A website may be able to track sensitive user information (publicly known but not actively exploited)
- CVE-2022-22620 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2022-22674 (Intel Graphics Driver) – An application may be able to read kernel memory
- CVE-2022-22675 (AppleAVD) – An application may be able to execute arbitrary code with kernel privileges
- CVE-2022-32893 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2022-32894 (Kernel) – An application may be able to execute arbitrary code with kernel privileges
- CVE-2022-32917 (Kernel) – An application may be able to execute arbitrary code with kernel privileges
Aside from CVE-2022-42827, the update also addresses 19 other security vulnerabilities, including two in Kernel, three in Point-to-Point Protocol (PPP), two in WebKit, and one each in AppleMobileFileIntegrity, Core Bluetooth, IOKit, Sandbox, and more.
Full article: https://thehackernews.com/2022/10/apple-releases-patch-for-new-actively.html