Apple releases patches for 0-Days in MacOS and iOS

15.04.2022

Back to news

Apple rapidly released patches for vulnerabilities, which may have lead to procession of kernel memory’s data. These vulnerabilities concern newest Mac, iPad and iPhone versions.

First one, named CVE-2022-22674, was obtained in Intel graphics driver: it’s referred to “out-of-bounds read issue”, and with the help of it an application was possible to read kernel’s memory content.  The second vulnerability, named CVE-2022-22675, was obtained in the AppleAVD. Due to this bag, an application could run random code with kernel privileges. 

The following devices were at risk of being exposed: Mac with macOS Moneterey, iPhone 6s and newer, all iPad pro, iPad 5 and newer, iPad Air 2 and newer, iPad mini4 and iPod touch 7th gen. Vulnerabilities CVE-2022-22675 may be eliminated by installation of iOS 15.4.1, iPadOS 15.4.1, and both vulnerabilities may be illuminated by macOS Monterey 12.3.1.  These upgrades implement appropriate validation of inputed and processed data.

Many experts believe, that these vulnerabilities are quite obvious and even trivial, nevertheless, it’s supposed, that intruders managed to use these vulnerabilities quite actively. Still, not much information was officially released by Apple officials. Company referres to the priority of client’s data protection, and, due to this, more details may originate after the problems research and analysis will be fully accomplished. The current recommendation may be to download new official patches.