19/08/2022
Apple has disclosed and patched two critical vulnerabilities in macOS, iPadOS and iOS that affect both current and older devices. Both are out-of-bounds writes that lead to arbitrary code execution (one in the kernel, one in WebKit, reachable from web content), and Apple says each may have been actively exploited. Mitigation and explanation below 👇🏼
Apple's advisories for the two CVEs:
WebKit (Safari 15.6.1, the separate fix for macOS Big Sur and Catalina): https://support.apple.com/en-us/HT213414
macOS Monterey 12.5.1: https://support.apple.com/en-us/HT213413
iOS 15.6.1 and iPadOS 15.6.1: https://support.apple.com/en-us/HT213412
The following is an excerpt from the Malwarebytes article at https://www.malwarebytes.com/blog/news/2022/08/urgent-update-for-macos-and-ios-two-actively-exploited-zero-days-fixed
—————————————————
Kernel privileges:
CVE-2022-32894: An out-of-bounds write issue was addressed with improved bounds checking. The vulnerability could allow an application to execute arbitrary code with kernel privileges. The kernel privileges are the highest possible privileges, so an attacker could take complete control of a vulnerable system by exploiting this vulnerability.
Apple points out that they are aware of a report that this issue may have been actively exploited.
WebKit exploit:
CVE-2022-32893: An out-of-bounds write issue was addressed with improved bounds checking. Processing maliciously crafted web content may lead to arbitrary code execution. An attacker could lure a potential victim to a specially crafted website or use malvertising to compromise a vulnerable system by exploiting this vulnerability. Since the vulnerability exists in Apple’s HTML rendering software (WebKit), which powers all iOS web browsers and Safari, possible targets are iPhones, iPads, and Macs, which could all be tricked into running unauthorized code.
Apple points out that they are aware of a report that this issue may have been actively exploited.
—————————————————
Mitigate by updating all devices to the first releases that carry the fixes:
iOS 15.6.1+
iPadOS 15.6.1+
macOS Monterey 12.5.1+
Safari 15.6.1+ on macOS Big Sur and Catalina (the WebKit fix only; see HT213414 above)
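As an added example (not part of the original post, Apple's advisories, or the Malwarebytes article), here is a small POSIX shell script that compares a reported OS or Safari version against the fixed releases listed above, so the check can be run from an MDM script or over ssh across a fleet instead of eyeballed per device. The fixed version numbers are the ones on this page; the local-machine check at the end uses the macOS commands sw_vers and defaults read, and assumes the CFBundleShortVersionString key of Safari's Info.plist reflects the installed Safari version. The products it knows about are only those covered by the advisories linked here, so anything else reports as unknown rather than patched.

```shell
#!/bin/sh
# Added example: check whether a device is at or above the release that fixes
# CVE-2022-32893 (WebKit) and CVE-2022-32894 (kernel). Not Apple's or
# Malwarebytes' code; fixed versions are taken from the advisories on the page.

# version_ge A B -> exit 0 if dotted version A >= B, comparing each field
# numerically (plain string comparison would rank 12.10 below 12.5).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        ai=${ai:-0}; bi=${bi:-0}          # missing trailing field counts as 0
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# fixed_version PRODUCT -> prints the first release carrying the fix, or fails
# for a product these advisories do not cover (assumption: treat it as unknown,
# never as patched).
fixed_version() {
    case $1 in
        iOS|iPadOS) echo 15.6.1 ;;   # HT213412
        macOS)      echo 12.5.1 ;;   # Monterey, HT213413 (kernel + WebKit)
        Safari)     echo 15.6.1 ;;   # HT213414, WebKit fix for Big Sur/Catalina
        *)          return 1 ;;
    esac
}

# is_patched PRODUCT VERSION -> exit 0 if VERSION >= the fixed release.
is_patched() {
    fix=$(fixed_version "$1") || return 1
    version_ge "$2" "$fix"
}

# When run on a Mac, check the local machine; sw_vers and the Safari bundle only
# exist on macOS, so this section is skipped elsewhere.
if command -v sw_vers >/dev/null 2>&1; then
    os=$(sw_vers -productVersion)
    if is_patched macOS "$os"; then echo "macOS $os: patched"; else echo "macOS $os: UPDATE"; fi
    plist=/Applications/Safari.app/Contents/Info.plist
    if [ -f "$plist" ]; then
        sv=$(defaults read "$plist" CFBundleShortVersionString 2>/dev/null)
        if is_patched Safari "$sv"; then echo "Safari $sv: patched"; else echo "Safari $sv: UPDATE"; fi
    fi
fi
```

A Mac still on Big Sur or Catalina reports UPDATE for macOS here, which matches the advisories on this page: only the Safari 15.6.1 WebKit fix was published for those releases, so the Safari line is the one that can come back as patched on such a machine.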
The CVE entries can be found here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32893
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.