“As the data is changed, it corrupts the validly used memory this induces undefined behavior in the process,” according to the post. The original pointer to the freed memory is used again and points to somewhere within the new allocation. In the case of CVE-2022-22620, the memory in question is allocated to another pointer validly at some point after it has been freed. These types of errors typically have two common and sometimes overlapping causes: error conditions and other exceptional circumstances, and confusion over which part of the program is responsible for freeing the memory, according to the post. “Referencing memory after it has been freed can cause a program to crash, use unexpected values or execute code,” according to the post.Įxploiting previously freed memory can have various adverse consequences, “ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw,” the description said. The simplest way threat actors can exploit the flaw involves the system’s reuse of freed memory, according to the vulnerability’s description on the Common Weakness Enumeration website. “Apple is aware of a report that this issue may have been actively exploited,” the company wrote in its update notes. ![]() The flaw also can lead to unexpected OS crashes. In the case of Apple’s zero-day, threat actors can execute arbitrary code on affected devices after they process maliciously crafted web content, the company said in a description of the bug. The zero-day, tracked as CVE-2022-22620, is a Use-After-Free issue, which is related to incorrect use of dynamic memory during program operation. Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors already are actively exploiting to compromise iPhones, iPads and MacOS devices.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |