This week, Apple released security updates for iOS, iPadOS, macOS, tvOS, and the Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. The vulnerability could allow threat actors to bypass authentication and execute arbitrary code with kernel privileges. It is tracked as CVE-2022-42856 (broken authentication method) and has not yet received a CVSSv3 base score. Barracuda MSP recommends updating affected Apple products as soon as possible with the latest patch released for this vulnerability.
What is the threat?
A zero-day vulnerability exists in versions of Apple iOS released before iOS 15.1. The critical vulnerability, CVE-2022-42856, makes it possible for a malicious threat actor to trigger the flaw in the WebKit browser engine with specially crafted content, leading to arbitrary code execution.
Why is it noteworthy?
Apple provides multiple operating systems that are used commercially and privately, in all sectors, around the globe. Vulnerabilities in these operating systems can be dangerous because, upon successful exploitation, threat actors will have unlimited access.
Apple has had 9 other zero-day vulnerabilities this year, such as the one in November, CVE-2022-32917, which was classified as critical.
What is the exposure or risk?
Successful exploitation allows a malicious actor to execute arbitrary code as an admin user, giving them full control of your network and bypassing any security protocols that have been put in place. This can open the door to a ransomware event or business email compromise, which can lead to temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses, and potential harm to an organization’s reputation.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of an arbitrary code execution attack:
- Update to Apple iOS 15.7.2, iPadOS 15.7.2, macOS Ventura 13.1, tvOS 16.2, and Safari 16.2
- Keep all applications updated so that new security measures are enforced
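As an added example (not Barracuda MSP's or Apple's code), the following Python script compares an exported device inventory against the fixed versions listed above. The inventory rows, host names and status labels are constructed assumptions; a device on a newer major branch than the listed fix is reported as `verify`, because this advisory gives no fixed version for that branch.

```python
# Added example: flag inventory entries older than the fixed versions in this advisory.
# Fixed versions are the ones listed in the recommendations above.
FIXED = {
    "iOS": "15.7.2",
    "iPadOS": "15.7.2",
    "macOS": "13.1",
    "tvOS": "16.2",
    "Safari": "16.2",
}

def parse(version):
    """Turn '15.7.2' into (15, 7, 2); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in version.strip().split("."))

def check(product, version):
    """Return 'patched', 'update', 'verify', 'not-covered' or 'unparseable'."""
    if product not in FIXED:
        return "not-covered"            # product is not named in the advisory
    try:
        have = parse(version)
    except ValueError:
        return "unparseable"            # e.g. empty field or beta suffix
    want = parse(FIXED[product])
    width = max(len(have), len(want))   # pad so 16.2 and 16.2.0 compare equal
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    if have[0] > want[0]:
        return "verify"                 # newer branch: no fixed version listed here
    return "patched" if have >= want else "update"

# Constructed sample inventory: (host, product, reported version).
SAMPLE_INVENTORY = [
    ("ipad-frontdesk", "iPadOS", "15.7.2"),
    ("iphone-sales-03", "iOS", "15.6"),
    ("iphone-exec-01", "iOS", "16.1"),
    ("mac-design-02", "macOS", "13.0.1"),
    ("appletv-lobby", "tvOS", "16.2"),
    ("mac-kiosk", "Safari", "16.2.0"),
    ("win-laptop", "Windows", "10"),
]

def report(inventory):
    """Map each host to its status."""
    return {host: check(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host:18} {status}")
```

Hosts reported as `verify` should be checked against Apple's own security release notes for their OS branch.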
If you have any questions, please contact our Security Operations Center.