
Apple's macOS, iOS, iPadOS, and Safari have been affected by an arbitrary code execution vulnerability, tracked as CVE-2022-22620, one of the three recent Apple zero-days. Google and Barracuda MSP researchers are making sure users don't forget this. The vulnerability could allow a threat actor to execute arbitrary code through the affected software and gain full control of the device. Barracuda MSP recommends staying up to date with all critical patches that Apple provides.

What is the threat?

An arbitrary code execution vulnerability existed in the 2013 and 2016 versions of macOS and was finally patched in February 2022 for those running iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8) for macOS Big Sur and Catalina. An attacker who successfully exploits it can gain control of any of Apple's devices: iPhones, iPads, and Macs. The arbitrary code execution is possible because of a use-after-free memory corruption bug in the WebKit rendering engine, which powers Apple's web browser, Safari. The vulnerability has been categorized as a zero-day, meaning it was a previously unknown flaw; it has since been revamped in three new critical ways.

Why is it noteworthy?

This vulnerability was actively exploited in the wild for five years before a patch was deployed, and approximately one billion people use more than 1.4 billion Apple devices. With a window and potential impact like that, it is now more than evident that IT security teams and users must watch for any unauthorized changes in their networks. An arbitrary code execution (ACE) vulnerability stems from a flaw in software or hardware; an attacker spots that flaw and uses it to execute commands on a target device. Apple has been impacted by similar zero-day vulnerabilities dating back to 2013. When news of multiple zero-days such as this breaks publicly, attackers gain confidence that the flaw can be exploited again, and they are likely to accelerate attacks on targets where possible while that window remains open.

What is the exposure or risk?

When exploited, this vulnerability gives an attacker complete and unrestricted access to devices running Apple's macOS. An attacker who can run arbitrary code can install programs; exfiltrate, view, change, or delete data; or create new accounts, all in the context allowed by the current user's rights. These privileges give the attacker the tools to conduct a ransomware event, impersonate users, and obtain credentials, which can lead to temporary or permanent loss of sensitive or proprietary information, disruption of regular operations, financial losses, and potential harm to an organization's reputation.

What are the recommendations?

Barracuda MSP recommends the following actions to limit the impact of an arbitrary code execution attack:

  • Be observant of any new, potentially unauthorized activity.
  • Keep all applications updated to enforce new security measures.
  • Continue to stay up to date with our threat advisories for updates.
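The patched versions listed under "What is the threat?" and the "keep all applications updated" recommendation above translate into a simple inventory check: is a given Mac at or above the fixed macOS or Safari level? The following POSIX shell script is an added example written for this advisory, not Barracuda's or Apple's tooling. It compares dotted version strings and applies the rule from the advisory (Monterey is fixed at 12.2.1; Big Sur and Catalina are fixed via Safari 15.3). It assumes that on macOS `sw_vers -productVersion` reports the OS version and that Safari's marketing version is the CFBundleShortVersionString key in /Applications/Safari.app/Contents/Info.plist; the sample versions passed in the comments are constructed inputs.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Mac as patched or
# vulnerable for CVE-2022-22620 from its macOS and Safari versions.

# version_ge A B: succeed (return 0) when dotted version A >= B.
# Missing trailing components count as 0, so 12.2.1.0 >= 12.2.1.
version_ge() {
  a="$1"; b="$2"; i=1
  while :; do
    x=$(printf '%s' "$a" | cut -d. -f"$i")
    y=$(printf '%s' "$b" | cut -d. -f"$i")
    # Both strings exhausted with no difference found: equal.
    [ -z "$x" ] && [ -z "$y" ] && return 0
    x=${x:-0}; y=${y:-0}
    if [ "$x" -gt "$y" ]; then return 0; fi
    if [ "$x" -lt "$y" ]; then return 1; fi
    i=$((i + 1))
  done
}

# patch_status OS_VERSION SAFARI_VERSION: print patched, vulnerable or unknown.
# Rule taken from the advisory: Monterey (12.x) is fixed at 12.2.1; Big Sur
# (11.x) and Catalina (10.15.x) received the fix in Safari 15.3. An empty
# Safari version is treated conservatively as vulnerable. Other OS lines are
# not covered by the advisory, so they are reported as unknown.
patch_status() {
  os="$1"; safari="$2"
  case "$os" in
    12.*)
      if version_ge "$os" 12.2.1; then echo patched; else echo vulnerable; fi ;;
    11.*|10.15|10.15.*)
      if version_ge "$safari" 15.3; then echo patched; else echo vulnerable; fi ;;
    *)
      echo unknown ;;
  esac
}

# On a macOS host, read the live values (assumed commands: sw_vers and
# defaults, which ship with macOS). On other systems only the functions
# above are defined, e.g. for checking values pulled from an inventory.
if [ "$(uname -s)" = "Darwin" ]; then
  live_os=$(sw_vers -productVersion)
  live_safari=$(defaults read /Applications/Safari.app/Contents/Info.plist \
                CFBundleShortVersionString 2>/dev/null || echo "")
  echo "macOS $live_os / Safari ${live_safari:-unknown}: $(patch_status "$live_os" "$live_safari")"
fi
```

Run it directly on a Mac to get a one-line verdict, or source it and call `patch_status` with versions collected by an MDM or RMM export; anything reported as vulnerable or unknown is a host to prioritise for the February 2022 updates.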

References

For more in-depth information about the recommendations, please visit the following links:

Barracuda Solutions for Ransomware | Barracuda Networks

13 Threats e-book | Barracuda Networks

Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw (thehackernews.com)

Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild (thehackernews.com)

Apple Releases Patches To Fix WebKit Vulnerability & Mac Battery Drain (techworm.net)

If you have any questions, please contact our Security Operations Center.


Posted by Morgan Pratt

Morgan Pratt is a Content Marketing Associate at Barracuda MSP. In her role, Morgan creates and shares education and enablement materials built with today's MSPs in mind. She recently became the primary copyeditor on SmarterMSP.com and enjoys working with our growing roster of contributing writers as well as MSPs themselves. Morgan has significant experience managing social media accounts for SMB clients as well as developing marketing campaigns and content.
