Microsoft is warning of an uptick in the nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments.
The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability," making it imperative that

Microsoft is warning of an uptick in the nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments.

The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability," making it imperative that organizations patch such exploits in a timely manner.

This also corroborates an April 2022 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which found that bad actors are "aggressively" targeting newly disclosed software bugs against broad targets globally.

Microsoft noted that it only takes 14 days on average for an exploit to be available in the wild after public disclosure of a flaw, stating that while zero-day attacks are initially limited in scope, they tend to be swiftly adopted by other threat actors, leading to indiscriminate probing events before the patches are installed.

It further accused Chinese state-sponsored groups of being "particularly proficient" at discovering and developing zero-day exploits.

This has been compounded by the fact that the Cyberspace Administration of China (CAC) enacted a new vulnerability reporting regulation in September 2021 that requires security flaws to be reported to the government prior to them being shared with the product developers.

Redmond further said the law could enable government-backed elements to stockpile and weaponize the reported bugs, leading to the increased use of zero-days for espionage activities designed to advance its economic and military interests.

Some of the vulnerabilities that were first exploited by Chinese actors before being picked up other adversarial groups include -

*   **CVE-2021-35211** (CVSS score: 10.0) - A remote code execution flaw in SolarWinds Serv-U Managed File Transfer Server and Serv-U Secure FTP software that was exploited by DEV-0322.
*   **CVE-2021-40539** (CVSS score: 9.8) - An authentication bypass flaw in Zoho ManageEngine ADSelfService Plus that was exploited by DEV-0322 (TiltedTemple).
*   **CVE-2021-44077** (CVSS score: 9.8) - An unauthenticated remote code execution flaw in Zoho ManageEngine ServiceDesk Plus that was exploited by DEV-0322 (TiltedTemple).
*   **CVE-2021-42321** (CVSS score: 8.8) - A remote code execution flaw in Microsoft Exchange Server that was exploited three days after it was revealed during the Tianfu Cup hacking contest on October 16-17, 2021.
*   **CVE-2022-26134** (CVSS score: 9.8) - An Object-Graph Navigation Language (OGNL) injection flaw in Atlassian Confluence that's likely to have been leveraged against an unnamed U.S. entity days before the flaw's disclosure on June 2.

The findings also come almost a month after CISA released a list of top vulnerabilities weaponized by China-based actors since 2020 to steal intellectual property and develop access into sensitive networks.

"Zero-day vulnerabilities are a particularly effective means for initial exploitation and, once publicly exposed, vulnerabilities can be rapidly reused by other nation state and criminal actors," the company said.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

The software giant also recorded an increase in attacks on IT services companies as state-backed threat actors have adapted to better enterprise defenses and cast a wider net, Microsoft says.

Enterprise security executives that perceive nation-state-backed cyber groups as a distant threat might want to revisit that assumption, and in a hurry.

Several recent geopolitical events around the world over the past year have spurred a sharp increase in nation-state activity against critical targets, such as port authorities, IT companies, government agencies, news organizations, cryptocurrency firms, and religious groups.

A Microsoft analysis of the global threat landscape over the last year, released Nov. 4, showed that cyberattacks targeting critical infrastructure doubled, from accounting for 20% of all nation-state attacks to 40% of all attacks that the company's researchers detected.

Furthermore, their tactics are shifting — most notably, Microsoft recorded an uptick in the use of zero-day exploits.

**Multiple Factors Drove Increased Nation-State Threat Activity**

Unsurprisingly, Microsoft attributed much of the spike to attacks by Russia-backed threat groups related to and in support of the country's war in Ukraine. Some of the attacks were focused on damaging Ukrainian infrastructure, while others were more espionage-related and included targets in the US and other NATO member countries. Ninety percent of Russia-backed cyberattacks that Microsoft detected over the past year targeted NATO countries; 48% of them were directed at IT service providers in these countries.

While the war in Ukraine drove most of the activity by Russian threat groups, other factors fueled an increase in attacks by groups sponsored by China, North Korea, and Iran. Attacks by Iranian groups, for instance, escalated following a presidential change in the country. 

Microsoft said it observed Iranian groups launching destructive, disk-wiping attacks in Israel as well as what it described as hack-and-leak operations against targets in the US and EU. One attack in Israel set off emergency rocket signals in the country while another sought to erase data from a victim's systems.

The increase in attacks by North Korean groups coincided with a surge in missile testing in the country. Many of the attacks were focused on stealing technology from aerospace companies and researchers.

Groups in China, meanwhile, increased espionage and data-stealing attacks to support the country's efforts to exert more influence in the region, Microsoft said. Many of their targets included organizations that were privy to information that China considered to be of strategic importance to achieving its goals.

**From Software Supply Chain to IT Service Provider Chain**

Nation-state actors targeted IT companies more heavily than other sectors in the period. IT companies, such as cloud services providers and managed services providers, accounted for 22% of the organizations that these groups targeted this year. Other heavily targeted sectors included the more traditional think tank and nongovernmental organization victims (17%), education (14%), and government agencies (10%).

In targeting IT service providers, the attacks were designed to compromise hundreds of organizations at once by breaching a single trusted vendor, Microsoft said. The attack last year on Kaseya, which resulted in ransomware ultimately being distributed to thousands of downstream customers, was an early example. 

There were several others this year, including one in January in which a Iran-backed actor compromised an Israeli cloud services provider to try and infiltrate that company’s downstream customers. In another, a Lebanon-based group called Polonium gained access to several Israeli defense and legal organizations via their cloud services providers. 

The growing attacks on the IT services supply chain represented a shift away from the usual focus that nation-state groups have had on the software supply chain, Microsoft noted.

Microsoft's recommended measures for mitigating exposure to these threats include reviewing and auditing upstream and downstream service provider relationships, delegating privileged access management responsible, and enforcing least privileged access as needed. The company also recommends that companies review access for partner relationships that are unfamiliar or have not been audited, enable logging, review all authentication activity for VPNs and remote access infrastructure, and enable MFA for all accounts

**An Uptick in Zero-Days**

One notable trend that Microsoft observed is that nation-state groups are spending significant resources to evade the security protections that organizations have implemented to defend against sophisticated threats. 

"Much like enterprise organizations, adversaries began using advancements in automation, cloud infrastructure, and remote access technologies to extend their attacks against a wider set of targets," Microsoft said.

The adjustments included new ways to rapidly exploit unpatched vulnerabilities, expanded techniques for breaching corporations, and increased use of legitimate tools and open source software to obfuscate malicious activity. 

One of the most troubling manifestations of the trend is the increasing use among nation-state actors of zero-day vulnerability exploits in their attack chain. Microsoft's research showed that patches were released for 41 zero-day vulnerabilities between July 2021 and June 2022.

According to Microsoft, China-backed threat actors have been especially proficient at finding and discovering zero-day exploits recently. The company attributed the trend to a new China regulation that went into effect in September 2021; it requires organizations in the country to report any vulnerabilities they discover to a Chinese government authority for review before disclosing the information with anyone else.

Examples of zero-day threats that fall into this category include CVE-2021-35211, a remote code execution flaw in SolarWinds Serv-U software that was widely exploited before being patched in July 2021; CVE-2021-40539, a critical authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus, patched last September; and CVE-2022-26134, a vulnerability in Atlassian Confluence Workspaces that a Chinese threat actor was actively exploiting before a patch become available in June.

"This new regulation might enable elements in the Chinese government to stockpile reported vulnerabilities toward weaponizing them," Microsoft warned, adding that this should be viewed as a major step in the use of zero-day exploits as a state priority.

.

Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics

The settlement muddies the waters even further for the viability of war exclusion clauses when it comes to cyber insurance.

Mondelez International, maker of Oreos and Ritz Crackers, has settled a lawsuit against its cyber insurer after the provider refused to cover a multimillion-dollar clean-up bill stemming from the sprawling NotPetya ransomware attack in 2017.

The snack giant originally brought the suit against Zurich American Insurance back in 2018, after NotPetya had completed its global cyber-ransacking of major multinational corporations, and the case has since been tied up in court. Terms of the deal have not been disclosed, but a "settlement" would indicate a compromise resolution — illustrating just how thorny an issue cyber-insurance exclusion clauses can be.

**NotPetya: Act of War?**

The lawsuit hinged on the contract terms in the cyber insurance policy — specifically, an exclusion carve-out for damages caused by acts of war.

NotPetya, which the US government in 2018 dubbed the "most destructive and costliest cyberattack in history," started out as compromising Ukrainian targets before spreading globally, ultimately impacting companies in 65 countries and costing billions in damage. It spread rapidly thanks to the use of the EternalBlue worming exploit in the attack chain, which is a leaked NSA weapon that allows malware to self-propagate from system to system using Microsoft SMB file shares. Notable victims of the attack included FedEx, shipping behemoth Maersk, and pharmaceutical giant Merck, among many others.

In the case of Mondelez, the malware locked up 1,700 of its servers and a staggering 24,000 laptops, leaving the corporation incapacitated and reeling from more than $100 million in damages, downtime, lost profits, and remediation costs.

As if that weren't tough enough to swallow, the food kahuna soon found itself choking on the response from Zurich American when it filed a cyber insurance claim: The underwriter had no intention of covering the costs, citing the aforementioned exclusion clause that included the language "hostile or warlike action in time of peace or war" by a "government or sovereign power."

Thanks to world governments' attribution of NotPetya to the Russian state, and the original mission of the attack to strike a known kinetic adversary of Moscow, Zurich American had a case — despite the fact that the Mondelez attack was certainly unintended collateral damage.

However, Mondelez argued that Zurich American's contract left some disputed crumbs on the table, as it were, given the lack of clarity in what could and could not be covered in an attack. Specifically, the insurance policy clearly stated that it would cover "all risks of physical loss or damage" — emphasis on "all" — "to electronic data, programs, or software, including loss or damage caused by the malicious introduction of a machine code or instruction." It's a situation that NotPetya perfectly embodies.

Caroline Thompson, head of underwriting at Cowbell Cyber, a cyber insurance provider for small and midsize businesses (SMBs), notes that the lack of clear cyber insurance policy-wording left the door open for Mondelez' appeal — and should act as a cautionary message to others negotiating coverage.

"The scope of coverage, and the application of war exclusions, remains one of the most challenging areas for insurers as cyber threats continue to evolve, businesses increase their dependencies on digital operations, and geopolitical tensions continue to have widespread impact," she tells Dark Reading. "It is paramount for insurers to be familiar with the terms of their policy and seek clarification where needed, but also opt for modern cyber-policies that can evolve and adapt at the pace their risk and exposures do."

**War Exclusions**

There's one glaring issue in making war exclusions stick for cyber insurance: he difficulty in proving that attacks are indeed "acts of war" — a burden that generally requires determining on whose behalf they're carried out.

In the best of cases, attribution is more of an art than a science, with a shifting set of criteria underpinning any confident finger-pointing. Rationales for advanced persistent threat (APT) attribution often rely on far more than quantifiable technology artifacts, or overlaps in infrastructure and tooling with known threats.

Squishier criteria can include aspects such as victimology (i.e., are the targets consistent with state interests and policy goals?; the subject matter of social-engineering lures; coding language; level of sophistication (does the attacker need to be well-resourced? Did they use an expensive zero day?); and motive (is the attack bent on espionage, destruction, or financial gain?). There's also the issue of false-flag operations, where one adversary manipulates these levers to frame a rival or adversary.

"What is shocking to me is the idea of verifying that these attacks can be reasonably attributed to a state — how?" says Philippe Humeau, CEO and co-founder of CrowdSec. "It is well known that you can hardly track a decently skilled cybercriminal's base of operations, since air-gapping their operations is the first line of their playbook. Two, governments are not willing to actually admit they do provide cover for the cybercriminals in their countries. Three, cybercriminals in many parts of the world are usually some mix of corsairs and mercenaries, faithful to whatever entity/nation-state may be funding them, but totally expandable and deniable if there are ever questions about their affiliation."

That's why, absent a government taking responsibility for an attack a la terrorism groups, most threat-intelligence firms will caveat state-sponsored attribution with phrases like, "we determine with low/moderate/high confidence that XYZ is behind the attack," and, to boot, different firms may determine different sources for any given attack. If it's that difficult for professional cyber-threat-hunters to pin down the culprits, imagine how difficult it is for cyber-insurance adjusters operating with a fraction of the skills.

If the standard for proof of an act of war is wide governmental consensus, this also poses issues, Humeau says.

"Accurately attributing attacks to nation-states would require cross-country legal cooperation, which has historically proven to be both difficult and slow," says Humeau. "So the idea of attributing these attacks to nation-states who will never 'fess up to it leaves too much room for doubt, legally speaking."

**An Existential Threat to Cyber Insurance?**

To Thompson's point, one of the realities in today's environment is the sheer volume of state-sponsored cyber activity in circulation. Bryan Cunningham, attorney and advisory council member at data security company Theon Technology, notes that if more and more insurers simply deny all claims stemming from such activity, there could be very few payouts indeed. And, ultimately, companies may not see cyber-insurance premiums as worth it anymore.

"If a significant number of judges actually begin allowing carriers to exclude coverage for cyberattacks just upon a claim that a nation-state was involved, this will be as devastating to the cyber insurance ecosystem as 9/11 was (temporarily) to commercial real estate," he says. "As a result, I do not think many judges will buy this, and proof, in any event, will almost always be difficult."

In a different vein, Ilia Kolochenko, chief architect and CEO of ImmuniWeb, notes that the cybercriminals will find a way to use the exclusions to their advantage — undercutting the value of having a policy even further.

"The problem stems from a possible impersonation of well-known cyber-threat actors," he says. "For instance, if cybercriminals — unrelated to any state — wish to amplify the damage caused to their victims by excluding the eventual insurance coverage, they may simply try to impersonate a famous state-backed hacking group during their intrusion. This will undermine trust in the cyber-insurance market, as any insurance may become futile in the most serious cases that actually require the coverage and justify the premiums paid."

**The Question of Exclusions Remains Unsettled**

Even though the Mondelez-Zurich American settlement would seem to indicate that the insurer succeeded in at least partially making its point (or perhaps neither side had the stomach for incurring further legal costs), there is conflicting legal precedent.

Another NotPetya case between Merck and ACE American Insurance over the same issue was put to bed in January, when the Superior Court of New Jersey ruled that act of war exclusions only extend to real-world physical warfare, resulting in the underwriter paying up a heaping $1.4 billion serving of claims settlement.

Despite the unsettled nature of the area, some cyber-insurers are going forward with war exclusions, most notably Lloyd's of London. In August the market stalwart told its syndicates that they will be required to exclude coverage for state-backed cyberattacks beginning in April 2023. The idea, the memo noted, is to protect insurance companies and their underwriters from catastrophic loss.

Even so, success for such policies remains to be seen.

"Lloyd's, and other carriers, are working on making such exclusions stronger and absolute, but I think this, too, ultimately will fail because the cyber-insurance industry likely could not survive such changes for long," Theon's Cunningham says.

Oreo Giant Mondelez Settles NotPetya 'Act of War' Insurance Suit

The cybersecurity agency announced it intends to scan all Internet-connected devices hosted in the UK for known vulnerabilities.

The National Cyber Security Centre has announced a new program that intends to scan every Internet-connected system hosted in the UK for vulnerabilities in what it touts as an effort to both remediate threats and monitor the nation's exposure.

The data collected will also help the country respond quickly to widespread zero days, explained Dr. Ian Levy, technical director of NCSC, in a blog post announcing the new vulnerability scanning program. Dr. Levy also sought to reassure the public that the program will be fully transparent.

"We're not trying to find vulnerabilities in the UK for some other, nefarious purpose," he wrote about the NCSC scanning announcement. "We're beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we're doing (and why we're doing it)."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

NCSC Implements Vulnerability Scanning Program Across UK

By Owais Sultan
Next gen SIEM is a cloud-native cyberscurity tool that utilizes artificial intelligence and machine learning to discover malicious activity in real-time.
This is a post from HackRead.com Read the original post: 4 Major Benefits of Next Gen SIEM

Security analysts are **up against more cyberattacks than ever**, increased attack surfaces, and more protective tools on the cloud and premises than ever before.

All of that is accompanied by cybersecurity experts that are leaving the field. Stress, poor company culture, and long hours have prompted top talent to seek alternative employment.

Bombarded with alerts and understaffed, those who stay need all the help they can get.

This also means that they require tools that aid them in decreasing manual labor and, essentially, working smarter instead of harder.

For example, next-generation security information and event management (AKA next-gen SIEM) is a tool that addresses the key issues security experts have been dealing with for years.

What is this solution all about, and what are the major **advantages of next gen SIEM** over traditional SIEM technology?

We uncover the details below.

**What Is Next Gen SIEM, Exactly?**

Next gen SIEM is a cloud-native cybersecurity tool that utilizes artificial intelligence and machine learning to discover malicious activity in real time.

SIEM, the predecessor of the next gen SIEM solution, has been notorious for its **high number of alerts**, a large quantity of data that is not properly categorized, and poor quality of information concerning threats within systems.

The new and improved version of the tool (next gen SIEM) is more precise, less overwhelming for security teams, and makes data more manageable.

The main advantages of the next gen SIEM include:

*   The early discovery of threats
*   Unified data management
*   Reduced alert fatigue
*   Simpler scaling of security 

Let’s break down these benefits even further.

**#1 Early Discovery of Threats**

Since it relies on artificial intelligence, next gen SIEM is an automated tool that can detect critical issues within the infrastructure early. 

The data that is gathered from the versatile security solutions is both streamlined and actionable, helping teams to react promptly — close security gaps or mitigate threats as they appear within the system.

This includes **zero-day attacks** as well. Dubbed zero-day, such threats refer to weaknesses that have been exploited before IT teams had a chance to patch them up — the teams have zero days to fix them.

Considering that next gen SIEM utilizes machine learning and continually learns about the regular behavior within the system, it’s quick to detect anomalies that point to high-risk threats.

Identifying security issues on time is essential because **prompt reaction time cuts costs** that a company would have to allocate in order to repair the aftermath of a cyberattack.

**#2 Unified Data Management**

One of the major pain points of traditional SIEM has been managing the large quantity of data as well as discerning the important information.

Within the next gen tool, the information is automatically categorized and contextualized — regardless of its quantity.

The best next gen SIEM tool unifies the information in a single platform — this includes third-party data as well as that unique to one’s architecture.

For the teams that manage security, having all the essential data within a single dashboard means they can find the information they need quickly as well as identify the issue in time.

**#3 Reduced Alert Fatigue**

Traditional SIEM is an alert-happy tool that generates an overwhelming number of notifications from separate tools. Even more, those alerts come from multiple dashboards that have to change all the time. Shifting from one to another **causes alert fatigue** (PDF).

Alarms would be raised on any change within the network, and IT teams would have to discern whether the alert is something to worry about, wasting time as they discover to which extent the system has been affected as well as where the threat is exactly.

Many of these alerts are false positives — not high-risk issues that are likely to turn into cyber incidents.

As a result, security experts are likely to disregard even those alerts that flag real concerns.

Next gen SIEM is designed to facilitate understaffed and overworked teams that are tired of playing catch-up. 

Nuanced data analytics and automation link alert with exact incidents that are taking place in real-time. 

In short — fewer alerts coming from one dashboard make for happier security teams and leave them with more time to focus on more challenging issues.

**#4 Simpler Scaling of Security**

Security has to keep up with the changes within the company’s systems. As more and more organizations rely on the cloud, they require solutions that can be easily deployed.

This involves relying on security tools that can adapt to both growing and complex infrastructures.

Namely, most architectures nowadays are a combination of several cloud deployments (multi-cloud) and structures on the premises.

All the devices and software that are being added (whether it’s a new remote worker’s device or more cloud storage) have to be protected with versatile security points and continually managed afterward.

More complex structures and a larger number of tools generate even more data about security that has to be categorized on the go.

Next gen SIEM is a cloud-powered tool that can be adjusted based on the needs of growing companies.

The scalability of big data is an important feature of the tool as well because it is designed to add more volume within the **cloud-based solution**.

**Final Word**

In a nutshell, next gen SIEM delivers on the empty promises of its forerunner (SIEM).

Traditional SIEM is slowly fading into the past as next gen technology takes its place by fixing the headache-inducing shortcomings such as poor data quality, an overwhelming number of alerts, and failure to detect zero-day attacks.

For businesses, this means better security for a lower price tag and having security teams that are less overworked and overwhelmed with the incoming data that is being generated from multiple siloed tools.

What’s more, next gen SIEM also created the security that can keep up with the rapidly advancing technology, large quantities of information, and complex infrastructures of modern businesses.

1.  **Free and Best OSINT Tools**
2.  **Tools for Testing Your Proxy Servers**
3.  **CISA Publishes List of Free Cybersecurity Tools and Services**
4.  **Psst! tool by 1Password lets users share passwords using a link**
5.  **New Underactor tool reveals pixelated text to expose sensitive data**

4 Major Benefits of Next Gen SIEM

**FOSTER CITY, Calif., Nov. 2, 2022 /PRNewswire/ —** Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced financial results for the third quarter ended September 30, 2022. For the quarter, the Company reported revenues of $125.6 million, net income under United States Generally Accepted Accounting Principles ("U.S. GAAP") of $27.7 million, non-GAAP net income of $36.8 million, Adjusted EBITDA of $54.9 million, GAAP net income per diluted share of $0.71, and non-GAAP net income per diluted share of $0.94.

"In Q3, we delivered another quarter of strong revenue growth and cash flow generation," said Sumedh Thakar, president and CEO. "We believe our extendable cloud-based platform is core to building a durable growth business over the long term. The launch of TotalCloud flexes the power of our platform by enabling cloud-native VMDR with accurate, comprehensive and unrestricted scanning options to uniquely secure cloud and container environments from build to run-time. We believe the Blue Hexagon acquisition allows us to further extend the Qualys Cloud Platform by transforming our massive data lake into a powerful, predictive analytics engine to perform real-time zero-day threat detection while advancing our value proposition and competitive differentiation in the market."

**Third Quarter 2022 Financial Highlights**

Revenues: Revenues for the third quarter of 2022 increased by 20% to $125.6 million compared to $104.9 million for the same quarter in 2021.

Gross Profit: GAAP gross profit for the third quarter of 2022 increased by 21% to $99.6 million compared to $82.5 million for the same quarter in 2021. GAAP gross margin was 79% for both the third quarter of 2022 and the third quarter of 2021. Non-GAAP gross profit for the third quarter of 2022 increased by 20% to $102.2 million compared to $85.1 million for the same quarter in 2021. Non-GAAP gross margin was 81% for both the third quarter of 2022 and the third quarter of 2021.

Operating Income: GAAP operating income for the third quarter of 2022 was $33.3 million compared to $32.0 million for the same quarter in 2021. As a percentage of revenues, GAAP operating income was 27% for the third quarter of 2022 compared to 30% for the same quarter in 2021. Non-GAAP operating income for the third quarter of 2022 increased by 11% to $48.0 million compared to $43.1 million for the same quarter in 2021. As a percentage of revenues, non-GAAP operating income was 38% for the third quarter of 2022 compared to 41% for the same quarter in 2021.

Net Income: GAAP net income for the third quarter of 2022 was $27.7 million, or $0.71 per diluted share, compared to $27.8 million, or $0.70 per diluted share, for the same quarter in 2021. As a percentage of revenues, GAAP net income was 22% for the third quarter of 2022 compared to 26% for the same quarter in 2021. Non-GAAP net income for the third quarter of 2022 was $36.8 million, or $0.94 per diluted share, compared to $34.2 million, or $0.86 per diluted share, for the same quarter in 2021. As a percentage of revenues, non-GAAP net income was 29% for the third quarter of 2022 compared to 33% for the same quarter in 2021.

Adjusted EBITDA: Adjusted EBITDA (a non-GAAP financial measure) for the third quarter of 2022 increased by 9% to $54.9 million compared to $50.3 million for the same quarter in 2021. As a percentage of revenues, Adjusted EBITDA was 44% for the third quarter of 2022 compared to 48% for the same quarter in 2021.

Operating Cash Flow: Operating cash flow for the third quarter of 2022 decreased by 13% to $42.2 million compared to $48.5 million for the same quarter in 2021. As a percentage of revenues, operating cash flow was 34% for the third quarter of 2022 compared to 46% for the same quarter in 2021.

**Third Quarter 2022 Business Highlights**

*   VMDR received industry recognition as it was named the Best Vulnerability Management solution in the industry-leading SC Awards  
    2022. 
*   Qualys upgrades CyberSecurity Asset Management, adding External Attack Surface Management (EASM) to enable continuous discovery of unknown internet-facing assets and the automatic assessment of an organization's risk posture.
*   In collaboration with IBM, Qualys has made the power of the Qualys Cloud Platform available for IBM zSystems - delivering our award-winning VMDR, policy compliance and asset management capabilities to help protect IBM zSystems environments.
*   At Black Hat 2022, Qualys was once again front and center showing attendees how the powerful Qualys Cloud Platform offers everything they need to tackle threats with automated workflows for rapid response and a clear picture of what it takes to reduce risk in their organizations.

**Financial Performance Outlook**  

Based on information as of today, November 2, 2022, Qualys is issuing the following financial guidance for the fourth quarter and full year fiscal 2022. The Company emphasizes that the guidance is subject to various important cautionary factors referenced in the sections entitled "Legal Notice Regarding Forward-Looking Statements" and "Non-GAAP Financial Measures" below.

Fourth Quarter 2022 Guidance: Management expects revenues for the fourth quarter of 2022 to be in the range of $129.7 million to $130.7 million, representing 18% to 19% growth over the same quarter in 2021. GAAP net income per diluted share is expected to be in the range of $0.52 to $0.54, which assumes an effective income tax rate of 26%. Non-GAAP net income per diluted share is expected to be in the range of $0.89 to $0.91, which assumes a non-GAAP effective income tax rate of 24%. Fourth quarter 2022 net income per diluted share estimates are  
based on approximately 39.0 million weighted average diluted shares outstanding for the quarter.

Full Year 2022 Guidance: Management now expects revenues for the full year of 2022 to be in the range of $488.6 million to $489.6 million, representing 19% growth over 2021, up from the previous guidance range of $488.0 million to $489.5 million. GAAP net income per diluted share is expected to be in the range of $2.52 to $2.54, up from the previous guidance range of $2.39 to $2.44. This assumes an effective income tax rate of 22%. Non-GAAP net income per diluted share is expected to be in the range of $3.60 to $3.62, up from the previous guidance range of $3.50 to $3.55. This assumes a non-GAAP effective income tax rate of 24%. Full year 2022 net income per diluted share estimates are based on approximately 39.5 million weighted average diluted shares outstanding.

**Investor Conference Call**

Qualys will host a conference call and live webcast to discuss its third quarter financial results at 5:00 p.m. Eastern Time (2:00 p.m. Pacific Time) on Wednesday, November 2, 2022. To access the conference call by phone, please register here and you will be provided with dial in details. A live webcast of the earnings conference call, investor presentation and prepared remarks can be accessed at https://investor.qualys.com/events-presentations. A replay of the conference call will be available through the same webcast link following the end of the call.

Qualys Announces Third Quarter 2022 Financial Results

A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022.
According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as

A French-speaking threat actor dubbed **OPERA1ER** has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022.

According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as high as $30 million.

Some of the more recent attacks in 2021 and 2021 have singled out five different banks in Burkina Faso, Benin, Ivory Coast, and Senegal. Many of the victims identified are said to have been compromised twice, and their infrastructure subsequently weaponized to strike other organizations.

OPERA1ER, also known by the names DESKTOP-GROUP, Common Raven, and NXSMS, is known to be active since 2016, operating with the goal of conducting financially motivated heists and exfiltration of documents for further use in spear-phishing attacks.

"OPERA1ER often operates during weekends and public holidays," Group-IB said in a report shared with The Hacker News, adding the adversary's "entire arsenal is based on open-source programs and trojans, or free published RATs that can be found on the dark web."

This includes off-the-shelf malware such as Nanocore, Netwire, Agent Teslam Venom RAT, BitRAT, Metasploit, and Cobalt Strike Beacon, among others.

The attack chain commences with "high-quality spear-phishing emails" with invoice and delivery-themed lures written primarily in French and to a lesser extent in English.

These messages feature ZIP archive attachments or links to Google Drive, Discord servers, infected legitimate websites, and other actor-controlled domains, which lead to the deployment of remote access trojans.

Succeeding in the RAT execution, post-exploitation frameworks like Metasploit Meterpreter and Cobalt Strike Beacon are downloaded and launched to establish persistent access, harvest credentials, and exfiltrate files of interest, but not before an extended reconnaissance period to understand the back-end operations.

This is substantiated by the fact that the threat actor has been observed spending anywhere between three to 12 months from initial intrusion to making fraudulent transactions to withdraw money from ATMs.

The final phase of the attack involves breaking into the victim's digital banking backend, enabling the adversary to move funds from high value accounts to hundreds of rogue accounts, and ultimately cash them out via ATMs with the help of a network of money mules hired in advance.

"Here clearly the attack and theft of funds were possible because the bad actors managed to accumulate different levels of access rights to the system by stealing the login credentials of various operator users," Group-IB explained.

In one instance, over 400 mule subscriber accounts were employed to illicitly siphon the money, indicating that the "attack was very sophisticated, organized, coordinated, and planned over a long period of time"

The findings – carried out in collaboration with telecom giant Orange – that OPERA1ER managed to pull off the banking fraud operation by solely relying on publicly available malware highlights the effort that has gone into studying the internal networks of the organizations.

"There are no zero-day threats in OPERA1ER's arsenal, and the attacks often use exploits for vulnerabilities discovered three years ago," the company noted. "By slowly and careful inching their way through the targeted system, they were able to successfully carry out at least 30 attacks all around the world in less than three years."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26730: About the security content of macOS Ventura 13

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.

Released October 24, 2022

**Apple Neural Engine**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges 

Description: The issue was addressed with improved memory handling. 

CVE-2022-32932: Mohamed Ghannam (@\_simo36)

Entry added October 27, 2022

**AppleMobileFileIntegrity**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to modify protected parts of the file system

Description: This issue was addressed by removing additional entitlements.

CVE-2022-42825: Mickey Jin (@patch1t)

**Audio**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information

Description: The issue was addressed with improved memory handling.

CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative

Entry added October 27, 2022

**AVEVideoEncoder**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2022-32940: ABC Research s.r.o.

**Backup**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to access iOS backups

Description: A permissions issue was addressed with additional restrictions. 

CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added October 27, 2022

**CFNetwork**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution

Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation.

CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)

**Core Bluetooth**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to record audio using a pair of connected AirPods

Description: This issue was addressed with improved entitlements.

CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)

**FaceTime**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: A user may be able to view restricted content from the lock screen 

Description: A lock screen issue was addressed with improved state management. 

CVE-2022-32935: Bistrit Dahal

Entry added October 27, 2022

**GPU Drivers**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32947: Asahi Lina (@LinaAsahi)

**Graphics Driver**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges 

Description: The issue was addressed with improved bounds checks. 

CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin

Entry added October 27, 2022

**IOHIDFamily**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may cause unexpected app termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs

**IOKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2022-42806: Tingting Yin of Tsinghua University

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management. 

CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai

Entry added October 27, 2022

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges 

Description: A race condition was addressed with improved locking. 

CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)

Entry added October 27, 2022

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges 

Description: The issue was addressed with improved bounds checks.

CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai

Entry added October 27, 2022

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges 

Description: A logic issue was addressed with improved checks. 

CVE-2022-42801: Ian Beer of Google Project Zero

Entry added October 27, 2022

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32924: Ian Beer of Google Project Zero

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: A remote user may be able to cause kernel code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-42808: Zweig of Kunlun Lab

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-42827: an anonymous researcher

**Model I/O**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing a maliciously crafted USD file may disclose memory contents 

Description: The issue was addressed with improved memory handling. 

CVE-2022-42810: Xingwei Lin (@xwlin\_roy) and Yinyi Wu of Ant Security Light-Year Lab

Entry added October 27, 2022

**ppp**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: A buffer overflow may result in arbitrary code execution 

Description: The issue was addressed with improved bounds checks. 

CVE-2022-32941: an anonymous researcher

Entry added October 27, 2022

**ppp**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-42829: an anonymous researcher

**ppp**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-42830: an anonymous researcher

**ppp**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2022-42831: an anonymous researcher

CVE-2022-42832: an anonymous researcher

**Safari**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Visiting a maliciously crafted website may leak sensitive data

Description: A logic issue was addressed with improved state management.

CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois at Chicago; Binoy Chitale, MS student, Stony Brook University; Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago; Chris Kanich, Associate Professor, University of Illinois at Chicago

Entry added October 27, 2022

**Sandbox**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake

**Shortcuts**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: A shortcut may be able to check the existence of an arbitrary path on the file system

Description: A parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Visiting a malicious website may lead to user interface spoofing

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 243693  
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

WebKit Bugzilla: 244622  
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 245058  
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University

**WebKit PDF**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 242781  
CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may disclose internal states of the app

Description: A correctness issue in the JIT was addressed with improved checks.

WebKit Bugzilla: 242964  
CVE-2022-32923: Wonyoung Jung (@nonetype\_pwn) of KAIST Hacking Lab

Entry added October 27, 2022

**Wi-Fi**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app 

Description: The issue was addressed with improved memory handling.

CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan

Entry added October 27, 2022

**zlib**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: A user may be able to cause unexpected app termination or arbitrary code execution 

Description: This issue was addressed with improved checks.

CVE-2022-37434: Evgeny Legerov

CVE-2022-42800: Evgeny Legerov

Entry added October 27, 2022

CVE-2022-32946: About the security content of iOS 16.1 and iPadOS 16

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups.

Released October 27, 2022

**Apple Neural Engine**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32932: Mohamed Ghannam (@\_simo36)

**Audio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information

Description: The issue was addressed with improved memory handling.

CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative

**Backup**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to access iOS backups

Description: A permissions issue was addressed with additional restrictions.

CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security

**FaceTime**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to view restricted content from the lock screen

Description: A lock screen issue was addressed with improved state management.

CVE-2022-32935: Bistrit Dahal

**Graphics Driver**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin

**Image Processing**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32949: Tingting Yin of Tsinghua University

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-42827: an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A logic issue was addressed with improved checks.

CVE-2022-42801: Ian Beer of Google Project Zero

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: The issue was addressed with improved memory handling.

CVE-2022-42810: Xingwei Lin (@xwlin\_roy) and Yinyi Wu of Ant Security Light-Year Lab

**ppp**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A buffer overflow may result in arbitrary code execution

Description: The issue was addressed with improved bounds checks.

CVE-2022-32941: an anonymous researcher

**Safari**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Visiting a maliciously crafted website may leak sensitive data

Description: A logic issue was addressed with improved state management.

CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois at Chicago; Binoy Chitale, MS student, Stony Brook University; Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago; Chris Kanich, Associate Professor, University of Illinois at Chicago

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may disclose internal states of the app

Description: A correctness issue in the JIT was addressed with improved checks.

WebKit Bugzilla: 242964  
CVE-2022-32923: Wonyoung Jung (@nonetype\_pwn) of KAIST Hacking Lab

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app

Description: The issue was addressed with improved memory handling.

CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan

**zlib**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2022-37434: Evgeny Legerov

CVE-2022-42800: Evgeny Legerov

Tag

#zero_day