Overview
A number of serious vulnerabilities have been discovered in Apple products, ranging from its iPhone and iPad operating system to its Mac computers. While many of these flaws have been patched by Apple, some remain unaddressed. These range from the infamous Meltdown and Spectre, to exploitable zero-day vulnerabilities that attackers can use to gain unauthorized access to systems or data. This can lead to data loss or theft, denial of service attacks, or other malicious activity.
Security is actively researching each of these vulnerabilities in the Apple products used across the organization's teams, assessing the risk that they are exploited through various tactics, techniques, and procedures.
2022 Exploitable Vulnerabilities
The following table lists the zero-days identified in 2022 so far; the two most recent are CVE-2022-32893 and CVE-2022-32894.
CVE | Product | Description | Target | Advisory | Analysis URL | Root Cause Analysis |
CVE-2022-22587 | iOS, macOS | Memory corruption in IOMobileFrameBuffer | | | (Variant) The curious tale of a fake Carrier.app | |
CVE-2022-22620 | WebKit | Unspecified use-after-free | | | | |
CVE-2022-22674 | macOS | Out-of-bounds read in Intel Graphics Driver | Graphic Drivers | | | |
CVE-2022-22675 | iOS/macOS/watchOS | Out-of-bounds write in AppleAVD | AppleAVD | | | |
CVE-2022-26717 | WebKit | Arbitrary code execution | Safari and iTunes | | | |
CVE-2022-32894 | iOS/macOS | Kernel out-of-bounds write, remote code execution | Safari | Apple patches double zero-day in browser and kernel – update now! | | |
CVE-2022-32893 | WebKit | Out-of-bounds write, remote code execution | Safari | Apple patches double zero-day in browser and kernel – update now! | | |
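The practical follow-up to a table like this is a fleet check: which managed devices are still below the version that carries each fix, and which of the tracked CVEs have a CISA KEV remediation deadline. The script below is an added example, not code from the original post or from Apple or CISA. It uses the CVE IDs from the table above; the KEV-style records (same field names as the CISA KEV JSON feed), the "fixed in" versions and the device inventory are constructed sample data, and the fix versions in particular are placeholders that must be replaced with the ones in Apple's advisories before use.

```python
"""Cross-reference the 2022 Apple zero-days with a KEV-style feed and a device
inventory, and report which devices still need the fix.

Added example; KEV records, fix versions and inventory are CONSTRUCTED sample
data (field names follow the CISA KEV JSON feed, values are placeholders).
"""
import json

# CVE IDs from the table above.
TRACKED_CVES = [
    "CVE-2022-22587", "CVE-2022-22620", "CVE-2022-22674", "CVE-2022-22675",
    "CVE-2022-26717", "CVE-2022-32893", "CVE-2022-32894",
]

# CONSTRUCTED subset of a KEV-style feed (sample values, not the live catalog).
KEV_FEED_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-2022-32894", "vendorProject": "Apple", "product": "iOS, iPadOS, and macOS",
   "vulnerabilityName": "Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability",
   "dateAdded": "2022-08-19", "dueDate": "2022-09-09",
   "requiredAction": "Apply updates per vendor instructions."},
  {"cveID": "CVE-2022-32893", "vendorProject": "Apple", "product": "iOS, iPadOS, and macOS",
   "vulnerabilityName": "Apple iOS, iPadOS, and macOS WebKit Out-of-Bounds Write Vulnerability",
   "dateAdded": "2022-08-19", "dueDate": "2022-09-09",
   "requiredAction": "Apply updates per vendor instructions."},
  {"cveID": "CVE-2022-22675", "vendorProject": "Apple", "product": "iOS, macOS, and watchOS",
   "vulnerabilityName": "Apple AppleAVD Out-of-Bounds Write Vulnerability",
   "dateAdded": "2022-04-04", "dueDate": "2022-04-25",
   "requiredAction": "Apply updates per vendor instructions."},
  {"cveID": "CVE-2022-22620", "vendorProject": "Apple", "product": "WebKit",
   "vulnerabilityName": "Apple WebKit Use-After-Free Vulnerability",
   "dateAdded": "2022-02-11", "dueDate": "2022-02-25",
   "requiredAction": "Apply updates per vendor instructions."}
]}
"""

# PLACEHOLDER fix versions per CVE and OS family (constructed; replace with the
# versions stated in Apple's advisory for each CVE before relying on this).
FIXED_IN_SAMPLE = {
    "CVE-2022-32894": {"macOS": "12.5.1", "iOS": "15.6.1"},
    "CVE-2022-32893": {"macOS": "12.5.1", "iOS": "15.6.1"},
    "CVE-2022-22675": {"macOS": "12.3.1", "iOS": "15.4.1", "watchOS": "8.5.1"},
}

# CONSTRUCTED device inventory as an MDM export might provide it.
INVENTORY = [
    {"host": "mac-build-01", "os": "macOS", "version": "12.5"},
    {"host": "mac-dev-07", "os": "macOS", "version": "12.5.1"},
    {"host": "iphone-ops-03", "os": "iOS", "version": "15.6"},
    {"host": "iphone-ops-04", "os": "iOS", "version": "15.6.1"},
    {"host": "watch-exec-01", "os": "watchOS", "version": "8.5"},
    {"host": "watch-exec-02", "os": "watchOS", "version": "8.6"},
]


def parse_version(text):
    """'12.5' -> (12, 5, 0): pad to three components so 12.5 < 12.5.1 holds."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def load_kev(feed_json, vendor="Apple"):
    """Index the feed by cveID, keeping only the given vendor's entries."""
    data = json.loads(feed_json)
    return {v["cveID"]: v for v in data["vulnerabilities"]
            if v.get("vendorProject") == vendor}


def not_in_kev(tracked, kev):
    """Tracked CVEs with no KEV entry: still worth patching, just no federal deadline."""
    return sorted(c for c in tracked if c not in kev)


def exposure_report(inventory, fixed_in, kev):
    """One finding per (device, CVE) where the installed version is below the fix."""
    findings = []
    for dev in inventory:
        for cve, per_os in fixed_in.items():
            minimum = per_os.get(dev["os"])
            if minimum is None:
                continue  # no fix version recorded for this OS family
            if parse_version(dev["version"]) < parse_version(minimum):
                entry = kev.get(cve)
                findings.append({
                    "host": dev["host"], "cve": cve, "os": dev["os"],
                    "installed": dev["version"], "fixed_in": minimum,
                    "kev_due": entry["dueDate"] if entry else None,
                })
    return sorted(findings, key=lambda f: (f["host"], f["cve"]))


if __name__ == "__main__":
    kev = load_kev(KEV_FEED_JSON)
    print("Tracked but not in KEV:", not_in_kev(TRACKED_CVES, kev))
    for f in exposure_report(INVENTORY, FIXED_IN_SAMPLE, kev):
        print(f"{f['host']}: {f['cve']} ({f['os']} {f['installed']} < {f['fixed_in']}),"
              f" KEV due {f['kev_due']}")
```

Two design points carry over to real use: version comparison is numeric per component (a string compare would rank "12.5" above "12.10"), and a device whose OS family has no recorded fix version is skipped rather than silently marked safe, so the fix table should be filled in for every affected platform in the advisory.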
Even when the latest version of a product has addressed a previously known vulnerability, variants of that flaw often remain that can still exploit the same underlying weakness.
There are a few key reasons why variants of previously known vulnerabilities can still pose a threat, even after patching:
The patch may not be comprehensive, only addressing some but not all of the possible ways to exploit the vulnerability.
The patch may not be properly implemented, leaving open the possibility that the original vulnerability could still be exploited.
New variants of the original vulnerability may be discovered that were not anticipated by the patch.
How - Tactics, Techniques, and Procedures
Attackers use various tactics, techniques, and procedures to exploit vulnerabilities. For example, a person may visit a legitimate website that has been hijacked by the attacker. The attacker can then use the website to infect the visitor's computer with malware or steal sensitive information.
Another common tactic is known as phishing. In a phishing attack, the attacker sends an email that appears to come from a trusted source, such as a bank or online store. The email typically contains a link that leads to a fake website designed to trick the user into entering sensitive information, such as login credentials or credit card numbers.
Yet another tactic used by attackers is social engineering. In a social engineering attack, the attacker attempts to trick the user into taking a specific action, such as opening a malicious email attachment or clicking on a malicious link.
Conclusion
Understanding the attacker's tactics, techniques, and procedures for exploiting vulnerabilities enables the organization to implement the appropriate detection and mitigation controls. In this way, we can reduce our organization's exposure to potential attacks.
Reference
0-day Root Cause Analysis Template
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0005 - The WebKitGTK Project
Known Exploited Vulnerabilities Catalog | CISA