Apple has reportedly fixed two bugs — one for its mobile devices running the latest iOS and iPadOS, and the second for the MacBooks running the newest version of macOS, version 13, better known as Ventura. The security patches were released today and let users update macOS from 13.0 to 13.0.1, and iOS and iPadOS from 16.1 to 16.1.1.
It is worth noting that the two patches Apple released today fixed the same two vulnerabilities. According to sources, the vulnerabilities were first reported by Google’s Project Zero team and have two designated CVEs — CVE-2022-40303 and CVE-2022-40304. The two vulnerabilities could allow a remote user to execute arbitrary code on the device or cause an app to terminate unexpectedly.
Apple fixes two major bugs in the latest update
The Apple ecosystem is usually considered one of the most potent in mobile and PC management. However, hackers can still try to gain access to devices by exploiting zero-day vulnerabilities. Fortunately, neither of the bugs fixed today was a zero-day, according to Apple.
Even though the vulnerabilities were not zero-day, Apple has taken the bugs very seriously and released the new patches as soon as Google’s Project Zero team reported them. Both the bugs were designated as ripe for remote code execution, typically used for implanting malware or spyware remotely.
To learn more about the new Apple updates, here is an easy-to-digest version of the two vulnerabilities and how they impact the devices.
iOS 16.1.1 and iPadOS 16.1.1
libxml2
- Available for the following models of iPad: iPad Pro (all models), iPad Air (3rd generation), iPad (5th generation), and iPad Mini (5th generation).
- Impact: Unexpected app shutdown or arbitrary code execution may be possible for a remote user.
- Description: Input validation was improved to prevent an integer overflow.
- CVE-2022-40303: Maddie Stone of Google Project Zero
libxml2
- Available for the following models of iPad: iPad Pro (all models), iPad Air (3rd generation), iPad (5th generation), and iPad Mini (5th generation).
- Impact: Unexpected app shutdown or arbitrary code execution may be possible for a remote user.
- Description: The problem was solved by enhancing the checks.
- CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero
macOS Ventura 13.0.1
libxml2
- Available for: macOS Ventura.
- Impact: A remote user may be able to execute arbitrary code or cause an unexpected app termination.
- Description: Input validation was improved to prevent an integer overflow.
- CVE-2022-40303: Maddie Stone of Google Project Zero.
libxml2
- Available for: macOS Ventura.
- Impact: A remote user can execute arbitrary code or terminate an app unexpectedly.
- Description: Improved checks were used to resolve this issue.
- CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero.