A zero-day “zombie” vulnerability was found on Safari, Apple’s web browser – the second most used in the world. This is how the researchers of the Google Project Zero team defined it because, just like a zombie, despite the blow inflicted by the Apple engineers back in 2013, in 2016 it came back to life, remaining in business until today. In short, Apple would have solved it but three years later the hackers found a way to get around it.
The security flaw, marked by the initials CVE-2022-22620, affected until February, when Apple resolved it definitively (or at least that’s what we hope), Safari and consequently all the operating systems in which it is installed, then iOS, iPadOS and macOS. It has been defined as browser-in-the-wild, i.e. a use-after-free flaw that can be exploited to process web content developed to execute arbitrary code.
HACKER TOWARDS THE OPTIMIZATION OF EFFORTS
Maddie Stone of Google Project Zero reveals that hackers have found a smarter way to carry out their criminal intentions: rather than investing energy in identifying new, unprecedented vulnerabilities, more and more often they prefer to exploit the past ones that companies have imperfectly resolved. In short, in other words the zero-day zombie flaws are more and more frequent, even if the case of the Apple browser is different.
In the 2020 Year in Review on zero-days in the wild, I told how 25% of all zero-days identified were variants of already known vulnerabilities . Now, almost in the middle of 2022, the trend appears to be similar. The attackers seem not to need new flaws to attack users effectively with zero-days, but rather prefer to use vulnerabilities closely related to those discovered previously.
[…]
Variants usually exist due to incomplete fixes , ie when the company does not resolve the reported vulnerability correctly and completely. However in this case the vulnerability was corrected and completely resolved in 2013. This however regressed in 2016 during a refactoring. We don’t know how long the bad guys exploited it, but we do know that they could do it for 5 years, from December 2016 to January 2022.
If you like our news and you want to be the first to get notifications of the latest news, then follow us on Twitter and Facebook page and join our Telegram channel. Also, you can follow us on Google News for regular updates.