Apple Releases macOS, iOS, iPadOS Patches for 'Exploited' Security Bugs

Apple has released macOS, iOS, and iPadOS patches for exploited security bugs. Apple on Thursday released macOS Monterey 12.3.1; iOS 15.4.1 and iPadOS 15.4.1; tvOS 15.4.1; and watchOS 8.5.1 to address vulnerabilities in its software.

The released patch fixes CVE-2022-22675, an out-of-bounds write flaw in the AppleAVD driver, reported by an anonymous researcher.

Bad actors can exploit the vulnerability to run code at the kernel level. A rogue app or user can thereby gain powerful privileges and completely take over the machine.

According to Apple, it “is aware of a report that this issue may have been actively exploited.” The security update will improve memory bounds checking and fix the bug. 

CVE-2022-22674 is another vulnerability, this one in the OS's Intel graphics driver, that is also addressed by the Monterey update. A rogue app, or someone who has gained unauthorized login, can exploit this flaw to access kernel memory, compromising hidden information such as keys and credentials.

Apple said it is aware that the flaw has been actively exploited; it has been addressed by performing better user input validation.

Apple added that the AppleAVD flaw has been addressed for iOS and iPadOS, while there are no advisories for the tvOS and watchOS security releases because each update has no published CVE entries.

Users have been advised to apply these updates ASAP if they are not updated automatically. The macOS vulnerabilities are present on the latest Macs, at least those running Monterey. The latest update is available for iPhone 6s and later, all models of the iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
