Apple releases fixes for two zero-days affecting Macs, iPhones and iPads
Apple released fixes for CVE-2022-22675 and CVE-2022-22674, both of which were submitted by anonymous researchers.
“Apple is aware of a report that this issue may have been actively exploited,” the tech giant said of both vulnerabilities.
CVE-2022-22675 relates to an out-of-bounds write issue affecting the AppleAVD media decoder. Apple said it was addressed with improved bounds checking.
The company explained that the vulnerability would allow an attacker to take over a device and execute arbitrary code with kernel privileges.
CVE-2022-22674 is a similar out-of-bounds read issue affecting the Intel Graphics Driver that “may lead to the disclosure of kernel memory and was addressed with improved input validation.”
For Macs, the update is included in macOS Monterey 12.3.1. iPhones and iPads have the update in iOS 15.4.1 and iPadOS 15.4.1.
The fix is for iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Apple declined to comment further about reports of the zero-days being exploited in the wild.
A memory corruption issue affecting iOS, iPadOS, and macOS Monterey.
A cross-origin issue affecting iOS, iPadOS, watchOS, tvOS, and macOS Monterey.
A use after free issue affecting iOS, iPadOS, and macOS Monterey.
An out-of-bounds write issue affecting iOS, iPadOS, and macOS Monterey.
An out-of-bounds read issue affecting macOS Monterey.