Researchers created a PoC exploit for Safari CVE-2022-26717 bug
Theori researchers have created a working PoC exploit for the recently patched CVE-2022-26717 vulnerability affecting Apple Safari product. This vulnerability classified as critical has been found in Apple macOS up to 12.3. It affects an unknown part of the component WebKit. The manipulation leads to memory corruption. An attacker could use the exploit to achieve arbitrary code execution by processing maliciously crafted web content. “A use after free issue was addressed with improved memory management,” reads the advisory published by Apple. This flaw was reported by Jeonghoon Shin of Theori.
This week, Apple rolled out security updates to address the critical CVE-2022-26717 flaw that impacts WebKit. Also, Apple fixed 4 vulnerabilities on Safari 15.5.
- CVE-2022-26716/CVE-2022-26719: A memory corruption issue was addressed with improved state management.
- CVE-2022-26700: A memory corruption issue was addressed with improved state management.
- CVE-2022-26709: A use after free issue was addressed with improved memory management.
The bad news is that the researchers will publicly release their PoC exploit code which is hosted on Github.
Apple isn’t aware that this flaw has been exploited in the wild. In light of the criticality of some of the issues, users running affected Safari are highly recommended to upgrade to the latest version as soon as possible.
