Apple emergency update fixes zero-days used to hack iPhones, Macs

silversurfer

Apple released security updates on Thursday to address two zero-day vulnerabilities exploited by attackers to hack iPhones, iPads, and Macs.

Zero-day security bugs are flaws the software vendor is unaware of and hasn't patched. In some cases, they also have publicly available proof-of-concept exploits or may be actively exploited in the wild.

In security advisories published today, Apple said that they're aware of reports the issues "may have been actively exploited."

The two flaws are an out-of-bounds write issue (CVE-2022-22674) in the Intel Graphics Driver that allows apps to read kernel memory and an out-of-bounds read issue (CVE-2022-22675) in the AppleAVD media decoder that will enable apps to execute arbitrary code with kernel privileges.

The bugs were reported by anonymous researchers and fixed by Apple in iOS 15.4.1, iPadOS 15.4.1, and macOS Monterey 12.3.1 with improved input validation and bounds checking, respectively.

The list of impacted devices includes:
  • Macs running macOS Monterey
  • iPhone 6s and later
  • iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).