Apple Releases Patches For Two Actively Exploited Zero-Day Vulnerabilities 

Yesterday, Apple released emergency fixes for two zero-day vulnerabilities in its mobile and desktop operating systems, saying that they may have been exploited in the wild. The weaknesses are patched as part of updates to iOS and iPadOS 15.4.1, tvOS 15.4.1, watchOS 8.5.1, and macOS Monterey 12.3.1. Both flaws were reported to Apple anonymously.

One vulnerability, identified as CVE-2022-22675, is an out-of-bounds write weakness in AppleAVD, an audio and video decoding component, that might allow an application to run arbitrary code with kernel privileges. Apple said the bug was fixed with improved bounds checking, and that it is aware that “this issue may have been actively exploited.”

In addition to addressing CVE-2022-22675, the current version of macOS Monterey includes a fix for CVE-2022-22674, an out-of-bounds read issue in the Intel Graphics Driver module that might allow a malicious actor to read kernel memory. The iPhone maker said the flaw was “addressed with improved input validation.” The company also indicated evidence of active exploitation but withheld further specifics to avoid future misuse.

Apple has already patched four actively exploited zero-days since the beginning of the year, not to mention a publicly revealed weakness in the IndexedDB API (CVE-2022-22594), which may be used by a malicious website to track users’ online activity and identity in the web browser. The patched flaws are:

  • CVE-2022-22587 (IOMobileFrameBuffer) – A malicious program can execute arbitrary code with kernel privileges 
  • CVE-2022-22620 (WebKit) – Processing maliciously crafted online content might cause arbitrary code execution 

Because the flaws are being actively exploited, Apple iPhone, iPad, and Mac users are strongly advised to update to the most recent versions of the software as soon as possible to avoid any potential threats. iPhone 6s and later, iPad Air 2 and later, iPad Pro (all models), iPad mini 4 and later, iPad 5th generation and later, and iPod touch (7th generation) are all eligible for the iOS and iPadOS updates.

About the author

CIM Team
