0-Day “zombie” flaw discovered and exploited


Safari is now the second most used browser in the world and this is probably why it is increasingly favored by cybercriminals, as evidenced by the recent discovery made by Google’s Project Zero team about a 0-Day flaw which has been labeled “zombie” due to its characteristics. Safari: CVE-2022-22620 flaw identified and exploited Researchers report that a group of hackers actively exploited a flaw discovered and corrected by Apple in the now distant 2013, brought back to life in 2016 after finding a way to circumvent it and remained active until February 2022, when the Cupertino giant resolved the matter definitively.The flaw in question, marked by the initials CVE-2022-22620, was defined as browser-in-the-wild, i.e. a flaw use-after-free that can be exploited to process web content developed to execute arbitrary code Commit and bug tracker history was analyzed to try to understand how the flaw could have been reactivated, but the fix was actually applied in 2013. Apparently, however, the fix underwent a downsizing in 2016 during the refactoring operations. In this regard, Maddie Stone of the Project Zero team said to that hackers are now finding a smarter way to be able to carry out their attacks: instead of investing energy in identifying new vulnerabilities, they increasingly prefer to try to exploit those already known that, however, companies have solved in a way imperfect.To avoid running into any security problems on your devices, it is good to take advantage of a highly effective antivirus, such as the .This article contains affiliate links: purchases or orders made through these links will allow our site to receive a commission .


Categories:   Security

Comments