Apple just patched a whole load of iPad, macOS and iPhone security bugs, so update now

Apple Siri
(Image credit: Getty Images)

Apple has fixed two zero-days that have allegedly been abused in the wild affecting its iPhone, iPad, and Mac devices. 

In a security advisory published by the company, Apple said the patch fixed CVE-2022-22674, and CVE-2022-22675. The former is an out-of-bounds write vulnerability in the Intel Graphics Driver that allows apps to read kernel memory, while the latter is an out-of-bounds read issue in the AppleAVD media decoder allowing apps to execute arbitrary code with kernel privileges. 

Apple says the flaws might have been exploited in the wild, most likely for identity theft and other fraudulent activity, so users are urged to update their operating systems to the newest version as soon as possible: iOS 15.4.1, iPadOS 15.4.1, and macOS Monterey 12.3.1.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> <a href="https://project.tolunastart.com/s/Cy37RiA" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

Looking for zero-days

All iPhone models from the iPhone 6 upwards are affected, as well as all iPad Pro models, all iPad Airs, from 2 onwards, as well as all iPads, from the 5th generation. iPad mini 4 and newer, and iPod touch 7th generation and newer, are all affected.

Threat actors are always on the lookout for software vulnerabilities, with Apple also recently pushing an OS update for the Apple Watch, iPhone, and iPad to fix an exploit being actively abused in the wild.

The exploit was found by Google's Project Zero team and impacts WebKit – the browser engine that Apple used to build Safari.

In September 2021, the company also had to issue an urgent update to patch a zero-day arbitrary code execution in iOS and macOS devices, tracked as CVE-2021-30869, which was also being abused in the wild.

Although Apple hasn’t shared much details about the vulnerability citing customer’s protection, it did mention that the bug exists in Apple’s open source XNU operating system kernel. 

Apple reportedly has had to deal with several zero-days off late, many of whom have been used in attacks against iOS and macOS devices, the most notorious being the ones exploited to install Pegasus spyware on iPhones.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.