Apple has released security updates for macOS Monterey 12.3.1, iOS 15.4.1, iPadOS 15.4.1, tvOS 15.4.1, and watchOS 8.5.1. The update patches two vulnerabilities about which the advisory states that Apple is aware of a report that this issue may have been actively exploited for both vulnerabilities.
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). These are the vulnerabities that were patched in the updates:
Intel Graphics Driver
The vulnerability listed as CVE-2022-22674 exists in the Intel Graphics Driver and is described as an out-of-bounds read issue that may lead to the disclosure of kernel memory and that was addressed with improved input validation. Impacted devices are Macs running macOS Monterey. The graphics drivers are built into the Mac operating system.
The vulnerability listed as CVE-2022-22675 exists in the AppleAVD audio and video decoding component and is described as an out-of-bounds write issue that was addressed with improved bounds checking. Impacted devices include:
- Macs running macOS Monterey
- iPhone 6s and later
- iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
If a flaw in a program allows it to read or write outside of the bounds set for the program, it is possible to manipulate other parts of the memory which are allocated to more critical functions. This can allow an attacker to write code to a part of the memory where it will be executed with permissions that the program and user should not have.
Specific details about the vulnerabilities have not been disclosed which is habitual, since Apple wants to give as many users as possible a chance to update before giving others a chance to abuse them.
Stay safe, everyone!
The post Update now! Apple patches two zero-day vulnerabilities that may have been actively exploited appeared first on Malwarebytes Labs.