Apple on Thursday rolled out emergency patches to address two
zero-day flaws in its mobile[1] and desktop operating
systems[2] that it said may have
been exploited in the wild.
The shortcomings have been fixed as part of updates to iOS and
iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS
8.5.1. Both vulnerabilities were reported to Apple
anonymously.
Tracked as CVE-2022-22675, the issue has been
described as an out-of-bounds write[3]
vulnerability in an audio and video decoding component called
AppleAVD that could allow an application to execute arbitrary code
with kernel privileges.
Apple said the defect was resolved with improved bounds
checking, adding it’s aware that “this issue may have been actively
exploited.”
The latest version of macOS Monterey, besides fixing
CVE-2022-22675, also includes remediation for
CVE-2022-22674, an out-of-bounds read[4]
issue in the Intel Graphics Driver module that could enable a
malicious actor to read kernel memory.
The bug was “addressed with improved input validation,” the
iPhone maker noted, once again stating there’s evidence of active
exploitation, while withholding additional details to prevent
further abuse.
The latest updates bring the total number of actively exploited
zero-days patched by Apple to four since the start of the year, not to
mention a publicly disclosed flaw in the IndexedDB API[5]
(CVE-2022-22594), which could be weaponized by a malicious website
to track users’ online activity and identities in the web
browser.
- CVE-2022-22587[6] (IOMobileFrameBuffer) – A malicious application
  may be able to execute arbitrary code with kernel privileges
- CVE-2022-22620[7] (WebKit) – Processing maliciously crafted web
  content may lead to arbitrary code execution
In light of active exploitation of the flaws, Apple iPhone,
iPad, and Mac users are strongly advised to upgrade to the latest
versions of the software as soon as possible to mitigate potential
threats.
The iOS and iPad updates are available to iPhone 6s and later,
iPad Pro (all models), iPad Air 2 and later, iPad 5th generation
and later, iPad mini 4 and later, and iPod touch (7th
generation).
References
[1] mobile (support.apple.com)
[2] desktop operating systems (support.apple.com)
[3] out-of-bounds write (cwe.mitre.org)
[4] out-of-bounds read (cwe.mitre.org)
[5] IndexedDB API (thehackernews.com)
[6] CVE-2022-22587 (thehackernews.com)
[7] CVE-2022-22620 (thehackernews.com)
Read more https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html