Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild

Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild

Comments Off on Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild

A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero.

The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to gain arbitrary code execution.

In early February 2022, Apple shipped patches for the bug across Safari, iOS, iPadOS, and macOS, while acknowledging that it “may have been actively exploited.”

“In this case, the variant was completely patched when the vulnerability was initially reported in 2013,” Maddie Stone of Google Project Zero said. “However, the variant was reintroduced three years later during large refactoring efforts. The vulnerability then continued to exist for 5 years until it was fixed as an in-the-wild zero-day in January 2022.”

While both the 2013 and 2022 bugs in the History API are essentially the same, the paths to trigger the vulnerability are different. Then subsequent code changes undertaken years later revived the zero-day flaw from the dead like a “zombie.”

Read the full article here – https://thehackernews.com/2022/06/google-researchers-detail-5-year-old.html

Share this post

Author

Related Posts

Email Security, Phishing, Spam,
17Aug

Spot Scams & Phishing with these 10 Email Security Essentials

With every organization interacting primarily with emails, it is... read more

06Jan

DoD Publishes CMMC Assessment Guides for Level One and Level Two Assessments

The Department of Defense (DOD) published the Cybersecurity Maturity... read more

28Mar

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

Google Chrome users are urged to update to the... read more

Zero Trust Architecture (ZTA), Cybersecurity, Remote work, Cybersecurity
21Apr

Implementing Zero Trust Architecture (ZTA) in the Age of Remote Work

With the rapid shift to remote work, organizations face... read more

22Apr

Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA

Networking equipment maker Cisco has released security updates to... read more

25Jan

FBI Warns of Cybercriminals Using QR Codes to Steal Funds

The FBI issues warning for consumers using quick response/QR... read more

19Apr

FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies

U.S. government has issued a new warning about North... read more

Cybersecurity Trends Attacks Predictions Challenges
17Jan

Top 6 Must Know Cybersecurity Trends For 2023

Keeping up with the newest cybersecurity trends is the... read more

24May

Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit

A new research published by academics from KU Leuven,... read more

13May

Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects

On Thursday, Google announced the creation of a new "Open... read more