Apple releases fixes for two zero-days affecting Macs, iPhones and iPads

Apple published two notices on Thursday about two zero-day vulnerabilities affecting Macs, iPhones and iPads.

Apple released fixes for CVE-2022-22675 and CVE-2022-22674, both of which were submitted by anonymous researchers.

“Apple is aware of a report that this issue may have been actively exploited,” the tech giant said of both vulnerabilities.

CVE-2022-22675 relates to an out-of-bounds write issue affecting the AppleAVD media decoder. Apple said it was addressed with improved bounds checking.

The company explained that the vulnerability would allow an attacker to take over a device and execute arbitrary code with kernel privileges.

CVE-2022-22674 is a similar out-of-bounds read issue affecting the Intel Graphics Driver that “may lead to the disclosure of kernel memory and was addressed with improved input validation.”

For Macs, the update is included in macOS Monterey 12.3.1. iPhones and iPads have the update in iOS 15.4.1 and iPadOS 15.4.1.

The fix is for iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Apple declined to comment further about reports of the zero-days being exploited in the wild.

Apple has already patched three zero-days this year and patched at least 17 throughout 2021.

CVE             Patch Date   Description
CVE-2022-22587  January 27   A memory corruption issue affecting iOS, iPadOS, and macOS Monterey.
CVE-2022-22594  January 27   A cross-origin issue affecting iOS, iPadOS, watchOS, tvOS, and macOS Monterey.
CVE-2022-22620  February 10  A use after free issue affecting iOS, iPadOS, and macOS Monterey.
CVE-2022-22675  March 31     An out-of-bounds write issue affecting iOS, iPadOS, and macOS Monterey.
CVE-2022-22674  March 31     An out-of-bounds read issue affecting macOS Monterey.

Dina Temple-Raston is the Host and Managing Editor of the Click Here podcast as well as a senior correspondent at Recorded Future News. She previously served on NPR’s Investigations team focusing on breaking news stories and national security, technology, and social justice and hosted and created the award-winning Audible Podcast “What Were You Thinking.”