Apple issues emergency patches to fix actively exploited zero-days

Pierluigi Paganini March 31, 2022

Apple released emergency patches to address two zero-day vulnerabilities actively exploited to compromise iPhones, iPads, and Macs.

Apple has released emergency security patches to address two zero-day vulnerabilities actively exploited to hack iPhones, iPads, and Macs.

The first zero-day, tracked as CVE-2022-22674, is an out-of-bounds read issue that resides in the Intel Graphics Driver that could allow malicious apps to read kernel memory.

“An out-of-bounds read issue may lead to the disclosure of kernel memory and was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited.” reads the advisory published by the IT giant.

The second flaw, tracked as CVE-2022-22675, is an out-of-bounds write issue that affects the AppleAVD media decoder. The exploitation of the issue can lead to read kernel memory that will enable apps to execute arbitrary code with kernel privileges.

“An application may be able to execute arbitrary code with kernel privileges.” reads the advisory. “An out-of-bounds write issue was addressed with improved bounds checking. Apple is aware of a report that this issue may have been actively exploited.

Both zero-day flaws were reported by anonymous researchers and by Apple addressed them with the release of iOS 15.4.1, iPadOS 15.4.1, and macOS Monterey 12.3.1. Apple addressed them with improved input validation and bounds checking, respectively.

Apple did not disclose any detail about the exploitation of the vulnerabilities in the wild.

Users are recommended to immediately install the security updates as soon as possible.

Apple addressed other three actively exploited vulnerabilities since January. In February, Apple has addressed a zero-day vulnerability, tracked as CVE-2022-22620, in the WebKit affecting iOS, iPadOSmacOS, and Safari. The flaw was a use after free issue that could be triggered by processing maliciously crafted web content, leading to arbitrary code execution.

In January, the company has addressed another couple of zero-day vulnerabilities tracked as CVE-2022-22587 and CVE-2022-22594 respectively. An attacker could have exploited the flaws to run arbitrary code on the vulnerable devices and track users’ online activity in the web browser.In January, Apple patched two more actively exploited zero-days that can enable attackers to achieve arbitrary code execution with kernel privileges (CVE-2022-22587) and track web browsing activity and the users’ identities in real-time (CVE-2022-22594).

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Apple)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment