Home > Attacks & Data Breaches > Apple Releases Patches For Two Actively Exploited Zero-Day Vulnerabilities

Apple Releases Patches For Two Actively Exploited Zero-Day Vulnerabilities

April 1, 2022
CIM Team

Yesterday, Apple released emergency fixes for two zero vulnerabilities in its mobile and desktop operating systems, claiming that they have been exploited in the wild. The weaknesses are patched as part of updates to iOS and iPadOS 15.4.1, tvOS 15.4.1, watchOS 8.5.1, and macOS Monterey 12.3.1. Both flaws were reported to Apple in an anonymous manner.

The vulnerability, identified as CVE-2022-22675, is an out-of-bounds write weakness in AppleAVD, an audio and video decoding component that might allow an application to run arbitrary code with kernel privileges. Apple claimed improved bounds checking fixed the bug, but it’s aware that “this issue may have been actively exploited.”

In addition to addressing CVE-2022-22675, the current version of macOS Monterey includes a remedy for CVE-2022-22674, an out-of-bounds read problem in the Intel Graphics Driver module that might allow a malicious actor to access kernel memory. The iPhone maker said the flaw was “addressed with improved input validation.” The company also indicated evidence of active exploitation but withheld further specifics to avoid future misuse.

Apple has already patched four actively exploited zero-days since the beginning of the year, not to mention a publicly revealed weakness in the IndexedDB API (CVE-2022-22594), which may be used by a malicious website to monitor users’ online activities and identity on the web browser. The patched flaws are:

CVE-2022-22587 (IOMobileFrameBuffer) – A malicious program can execute arbitrary code with kernel privileges
CVE-2022-22620 (WebKit) – Processing maliciously crafted online content might cause arbitrary code execution

Because the holes are being actively exploited, Apple iPhone, iPad, and Mac users are strongly advised to update to the most recent versions of the software as soon as possible to avoid any potential threats. iPhone 6s and later, iPad Air 2 and later, iPad Pro (all models), iPad mini 4 and later, iPad 5th generation and later, and iPod touch (7th generation) are all eligible for the iOS and iPad upgrades.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others

Apple Releases Patches For Two Actively Exploited Zero-Day Vulnerabilities

About the author

CIM Team

Share:

Related ARTICLES

CaTEGORIES

Quick Nav

Apple Releases Patches For Two Actively Exploited Zero-Day Vulnerabilities

About the author

CIM Team

Share:

Related ARTICLES

Weekly Cyber Threat Report, May 22-26, 2023

Devastating DDoS Attacks Launched Against Gaming Industry by Dark Frost Botnet

Israeli Logistics Sector Attacked by Iranian Tortoiseshell Hackers

GoldenJackal: New Threat Gang Attacking South Asian And Middle Eastern Governments

CaTEGORIES

Quick Nav