Threat Update
After a browser fingerprinting and fraud detection detected an actively exploited vulnerability (which can be tracked as CVE-2022-22587) in Apple’s Safari 15 browser, Apple has released updates that fix the bug (iOS 15.3 and macOS Monterey 12.2). This vulnerability in Safari 15 exploits a violation of IndexedDB’s same-origin policy to expose identifying information to sites that use your Google User ID. Barracuda MSP recommends that all MSPs update all Apple devices immediately to prevent exposure of sensitive information.
Technical Detail & Additional Information
WHAT IS THE THREAT?
On January 26th, 2022, Apple released several security updates for all of their devices to address potential arbitrary code execution vulnerabilities, memory corruption issues and other logic, buffer overflow and use-after-free issues. Notable CVEs are listed below:
- CVE-2022-22584 – Patches resolved a memory corruption issue in ColorSync that could allow threat actors to execute arbitrary code execution when a user processes a malicious crafted file
- CVE-2022-22578 – This was a logic issue in Crash Reporter that could allow a malicious application to gain root privileges.
- CVE-2022-22585 – A iCloud path validation issue that a rogue application could exploit to access a user’s files
- CVE-2022-22591 – A memory corruption issue in Intel Graphics Driver that could be abused by a malicious application to execute arbitrary code with kernel privileges
- CVE-2022-22593 – A buffer overflow issue in Kernel that could be abused by a malicious application to execute arbitrary code with kernel privileges
- CVE-2022-22590 – A use-after-free issue in WebKit that may lead to arbitrary code execution when processing maliciously crafted web content
WHY IS IT NOTEWORTHY?
Apple computers and smartphones are widely used by individuals and businesses worldwide for their day-to-day communications and operations, and as the native browser for all versions of its operating system, Safari 15 likely has a high number of users that could have had identifying data exposed by this actively exploited vulnerability. However, as demonstrated by the scale of these updates, security researchers are constantly searching for and discovering new exploits on these products. It is crucial to keep these devices updated regularly, since these patches are made specifically to prevent these vulnerabilities from being exploited.
WHAT IS THE EXPOSURE OR RISK?
Apple’s latest security updates apply to the iPhone 6s and all following models, all versions of the iPad Pro, the 5th generation iPad and all following models, the iPad Mini 4 and all following models, the 7th generation iPod Touch and the three latest editions of Mac OS (Big Sur, Catalina and Monterey). Many companies rely on sensitive data stored on their Apple devices and services remaining private. In many cases, these devices and services are business critical and are needed to conduct everyday business. Because threat actors could have tracked your online activity and identified you through sensitive data, it is critical to implement these patches as soon as possible to prevent further exposure.
WHAT ARE THE RECOMMENDATIONS?
Barracuda MSP recommends that all MSPs update all Apple devices immediately to prevent exposure of sensitive information and mitigate risk of potential cyber attacks or exploitation by malicious applications or code.
REFERENCES
For more in-depth information about the recommendations, please visit the following links:
- https://support.apple.com/en-us/HT201222
- https://www.theverge.com/2022/1/16/22886809/safari-15-bug-leak-browsing-history-personal-information
- https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html
If you have any questions, please contact our Security Operations Center.