Apple updates macOS, iOS, and iPadOS to fix possibly exploited zero-day flaws
Apple has released updates for many of its operating systems, fixing vulnerabilities that the tech giant says may be under active exploitation.
Affecting macOS, iOS, and iPadOS is CVE-2022-22675, a bug in the audio and video decoder which allows an application to run arbitrary code with kernel privileges. The fix is contained in iOS 15.4.1 and iPadOS 15.4.1, which is available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and 7th gen iPod touch.
The iOS release also fixed a battery drain issue.
The second fix, released only for macOS Monterey, was CVE-2022-22674 which allows an application to read kernel memory.
“An out-of-bounds read issue may lead to the disclosure of kernel memory and was addressed with improved input validation,” Apple said in a typically small advisory.
“Apple is aware of a report that this issue may have been actively exploited.”
Earlier this year, Apple also released iOS 15.3.1 due to the threat of an actively exploited remote flaw.
In that instance, simply visiting a web page could lead to arbitrary code execution.