Apple has released its security updates for fix two zero-day vulnerabilities (zero-days) that had previously been exploited by attackers to hack iPhones, iPads, and Macs. Apple has said it is aware that the issues “may have been actively exploited.”
the two failures they are a problem CVE-2022-22674 (known in English as out-of-bounds write issue) in the Intel graphics driver that allows applications to read kernel memory. Another is a read out of bounds issue (CVE-2022-22675) in the AppleAVD media decoder that allowed applications to execute arbitrary code with kernel privileges.
The bugs were reported by anonymous researchers and fixed by Apple in iOS 15.4.1, iPadOS 15.4.1, and macOS Monterey 12.3.1. Devices that have been affected by this bug are all Macs that use the macOS Monterey operating system.
As well iPhone 6s and later. As for tablets, those affected have been all models of iPad Pro, iPad Air 2 and later, iPad fifth generation and later, iPad mini 4 and later, and iPod touch (seventh generation).
Apple did not release any additional information about how these attacks were exploited. and recommend install security updates as soon as possible to block possible attack attempts.
In January, Apple patched two other actively exploited zero days that can allow attackers achieve arbitrary code execution with core privileges and track web browsing activity and user identity in real time.
In February, Apple released security updates to fix a new zero-day bug exploited for hack iPhones, iPads and Macs, leading to OS crash and remote code execution on compromised devices after processing malicious web content.