Apple’s Zero-Day Woes Continue

Apple’s expanding footprint in enterprise organizations appears to have made its technologies a growing focus area for security researchers.

The company this week rushed out emergency patches for two zero-day vulnerabilities in its macOS and iOS technologies that the company said are being actively exploited. The flaws are present in macOS Catalina, Big Sur, and Monterey; in devices running iOS and iPadOS; and in Apple tvOS and watchOS.

One of the two zero-days for which Apple issued an update this week exists in the AppleAVD media file decoder that is present in multiple supported macOS versions as well as iOS and iPadOS. Apple’s sparse vulnerability disclosure described the flaw (CVE-2022-22675) as resulting from an out-of-bounds write issue and providing attackers with an opportunity to execute arbitrary code at the kernel level. Apple said it is aware of a report about the flaw being actively exploited.

Apple’s latest macOS Monterey 12.3.1, iOS 15.4.1, and iPadOS 15.4.1 include “improved bounds checking” to address the issue, the company noted.

The second zero-day for which Apple issued a fix (CVE-2022-22674) exists in macOS and has to do with an out-of-bounds read issue that enables an application to read kernel memory. The flaw, which is also being actively exploited, might lead to the contents of kernel memory being disclosed, Apple said in another advisory with very little information.
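Both advisories describe the same class of defect: a length or offset taken from input that the code trusts before it has been checked against the buffer it indexes, producing an out-of-bounds write (CVE-2022-22675) or read (CVE-2022-22674). The following added example is not Apple's code and says nothing about the AppleAVD format; it parses a constructed toy chunk layout (1-byte tag, 2-byte big-endian length, payload) and shows the unchecked pattern next to the kind of “improved bounds checking” a fix adds. The chunk format, function names, and sample inputs are all assumptions made for the illustration.

```c
/* Added example (not Apple's code): a toy "chunk" parser illustrating the
 * class of bug the article describes and the bounds checking that fixes it.
 * The chunk format is constructed for this example: a 1-byte tag, a 2-byte
 * big-endian payload length, then the payload. It is not the AppleAVD format. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FRAME_CAPACITY 64

struct frame {
    uint8_t tag;
    size_t  len;
    uint8_t data[FRAME_CAPACITY];
};

/* Unchecked pattern (for contrast only; never use on untrusted input): the
 * length field is copied into a fixed buffer without comparing it to either
 * the buffer capacity or the bytes actually present in the input. A length
 * larger than FRAME_CAPACITY writes past f->data (out-of-bounds write); a
 * length larger than the input reads past it (out-of-bounds read). */
int parse_chunk_unchecked(const uint8_t *in, size_t in_len, struct frame *f) {
    (void)in_len;  /* ignored: that is the defect */
    f->tag = in[0];
    f->len = ((size_t)in[1] << 8) | in[2];
    memcpy(f->data, in + 3, f->len);
    return 0;
}

/* Hardened pattern: every input-controlled value is validated before it
 * drives an index or a copy length. Returns 0 on success, -1 on rejection. */
int parse_chunk_checked(const uint8_t *in, size_t in_len, struct frame *f) {
    if (in == NULL || f == NULL) return -1;
    if (in_len < 3) return -1;                   /* header must be fully present */
    size_t len = ((size_t)in[1] << 8) | in[2];
    if (len > FRAME_CAPACITY) return -1;         /* would overflow f->data */
    if (len > in_len - 3) return -1;             /* claims more bytes than exist */
    f->tag = in[0];
    f->len = len;
    memcpy(f->data, in + 3, len);
    return 0;
}

/* Constructed inputs: a well-formed chunk (length 4, four payload bytes), one
 * whose length field (0x0200 = 512) exceeds the destination buffer, and one
 * that claims 4 payload bytes but carries only 2. */
static const uint8_t good_chunk[]      = { 0x01, 0x00, 0x04, 'a', 'b', 'c', 'd' };
static const uint8_t oversized_chunk[] = { 0x01, 0x02, 0x00, 'a', 'b', 'c', 'd' };
static const uint8_t truncated_chunk[] = { 0x01, 0x00, 0x04, 'a', 'b' };

/* Small wrappers so each outcome is observable as a return value. */
int demo_good(void)      { struct frame f; return parse_chunk_checked(good_chunk, sizeof good_chunk, &f); }
int demo_oversized(void) { struct frame f; return parse_chunk_checked(oversized_chunk, sizeof oversized_chunk, &f); }
int demo_truncated(void) { struct frame f; return parse_chunk_checked(truncated_chunk, sizeof truncated_chunk, &f); }
size_t demo_good_len(void) {
    struct frame f;
    if (parse_chunk_checked(good_chunk, sizeof good_chunk, &f) != 0) return 0;
    return f.len;
}
```

The two comparisons in the hardened parser correspond to the two advisories: the capacity check prevents the write past the destination buffer, and the available-bytes check prevents the read past the source. Checking `len > in_len - 3` only after confirming `in_len >= 3` avoids the unsigned underflow that would otherwise make the second check pass for any length.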

The flaws are the latest in a growing number of zero-day vulnerabilities that researchers have discovered in Apple’s products in recent months. The latest disclosures bring to at least four the total number of zero-days that Apple has disclosed this year alone. In January, the company disclosed two similar zero-days, at least one of which was likely to be exploited at the time of patch release.

In 2021, as many as 12 of 57 zero-day threats – or more than 20% – that researchers from Google’s Project Zero tracked were Apple-related. Impacted technologies included Apple’s macOS, iOS, iPadOS, and WebKit. In several cases, the flaws were being actively exploited by the time Apple had released a fix for them.

Exacerbating the issue is the emergence of malware targeted at Mac and iOS environments. A study of Apple malware in 2021 that security researcher Patrick Wardle released in Jan. 2022 showed there were at least eight significant malware tools last year that targeted macOS. The list included ElectroRAT, a cross-platform malware for remote code execution; Silver Sparrow, targeted at Apple’s M1 chip-based systems; and MacMa, a macOS implant believed to be the work of a nation-state actor.

Growing Focus Area
One reason for the growing number of flaws could be increasing code complexity, says Mike Parkin, senior technical engineer at Vulcan Cyber. As code gets more complex, there’s a higher chance of vulnerabilities creeping into it. “Apple’s iOS and MacOS code bases have been evolving for years, growing more complex, so it would not be surprising to see more vulnerabilities emerge.”

Another likely possibility is that threat actors are seeing greater returns from attacking the Apple ecosystem, Parkin says. “There are millions of iOS and MacOS users in the world, and the attackers will focus on where they can get the most mileage out of their efforts,” he says.

A global survey that Dimensional Research conducted last year for Apple device management vendor Kandji found that employee use of Apple devices has grown significantly over the past two years, at least partly because of increased remote work. Seventy-six percent of survey respondents said more employees at their organizations were using Apple devices – Mac notebooks specifically – compared to two years ago.

“Threat actors aren’t going to abandon other threat surfaces, but their economics may have shifted to make the Apple space more inviting,” Parkin says.

