Apple updates macOS, iOS, and iPadOS to fix possibly exploited zero-day flaws

Apple has released updates for many of its operating systems and fixed vulnerabilities that the technology giant says may be under active exploitation.

Affects macOS, iOS and iPadOS is CVE-2022-22675, a bug in the audio and video decoder that allows an application to run arbitrary code with core privileges. The fix is ​​available in iOS 15.4.1 and iPadOS 15.4.1, which are available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and 7th generation iPod touch.

The iOS version also fixed a problem with battery charging.

The second fix, released only for macOS Monterey, was CVE-2022-22674 allowing a program to read kernel memory.

“An out-of-bounds reading problem could lead to core memory being detected and addressed with improved input validation,” Apple said in a typically small statement.

“Apple is aware of a report that this issue may have been actively exploited.”

Earlier this year, Apple also released iOS 15.3.1 due to the threat of an actively exploited remote bug.

In that case, a visit to a web page may lead to the execution of arbitrary code.

Related coverage

Leave a Comment