On Thursday, March 31st, Apple released patches to fix two zero-day vulnerabilities in macOS, iOS, and iPadOS. These are the fourth and fifth zero-days of 2022 for the operating systems listed above. The vulnerabilities are as follows:
- CVE-2022-22675: A vulnerability in AppleAVD, Apple’s audio and video decoding framework, affects all three operating systems and may have been actively exploited. When exploited, the vulnerability may allow a threat actor to execute arbitrary code with kernel privileges.
- CVE-2022-22674: An out-of-bounds read issue in the Intel Graphics Driver that may allow an application to read kernel memory. It affects only macOS and may also have been exploited in the wild.
So, why are kernel-related vulnerabilities dangerous? Kernel exploits can be particularly dangerous because the kernel is the central component of an operating system (OS): it connects the physical hardware (CPU, memory, etc.) with the software running on that operating system.
Apple has released macOS Monterey 12.3.1 to remediate the two vulnerabilities listed above; additional details can be found in Apple’s macOS security update. It’s important that you patch as soon as possible! If you’re an Automox customer with vulnerable devices and have an existing patch policy for them, they should patch at the next scheduled update after a scan.
Apple also released iOS and iPadOS 15.4.1 to remediate the actively exploited vulnerability in AppleAVD. Additional details can be found in Apple’s iOS security update. If you have vulnerable iOS or iPadOS devices in your organization, we recommend enforcing a software update to remediate this vulnerability.
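One way to find devices still below the fixed releases named above is to run a version check over an inventory export. The following is an added example, not Automox or Apple code; the record layout, the status strings and the sample inventory are constructed for illustration, and devices on an older major release than the one named here are flagged for manual review because this post does not cover them.

```python
# Fixed releases and CVEs exactly as listed in this post.
FIXED = {
    "macOS": ((12, 3, 1), ["CVE-2022-22675", "CVE-2022-22674"]),
    "iOS": ((15, 4, 1), ["CVE-2022-22675"]),
    "iPadOS": ((15, 4, 1), ["CVE-2022-22675"]),
}

def parse_version(text):
    """Turn '12.3' into (12, 3, 0) so that '12.3' sorts below '12.3.1'."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError("unexpected version format: %r" % text)
    return tuple(parts + [0] * (3 - len(parts)))

def audit(device):
    """Return (status, open_cves) for one inventory record."""
    platform = device["platform"]
    if platform not in FIXED:
        return ("not-covered", [])
    fixed, cves = FIXED[platform]
    try:
        have = parse_version(device["version"])
    except ValueError:
        # Treat unreadable versions as unpatched until someone checks them.
        return ("unparseable-version", cves)
    if have[0] < fixed[0]:
        # Older major release: this post names no fixed version for it.
        return ("check-apple-advisory", [])
    if have < fixed:
        return ("needs-update", cves)
    return ("patched", [])

# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    {"host": "mac-01", "platform": "macOS", "version": "12.3"},
    {"host": "mac-02", "platform": "macOS", "version": "12.3.1"},
    {"host": "mac-03", "platform": "macOS", "version": "11.6.5"},
    {"host": "ipad-01", "platform": "iPadOS", "version": "15.4"},
    {"host": "phone-01", "platform": "iOS", "version": "15.4.1"},
]

def report(inventory):
    """Map each host name to its (status, open_cves) result."""
    return {d["host"]: audit(d) for d in inventory}

if __name__ == "__main__":
    for host, (status, cves) in report(INVENTORY).items():
        print(host, status, ", ".join(cves) or "-")
```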
For more information and a complete look at Apple’s zero-day history, check out our Automox blog: https://www.automox.com/blog/apple-zero-day-vulnerabilities