Apple has released security updates to address vulnerabilities—CVE-2022-22674 and CVE-2022-22675—in multiple products.
An attacker could exploit one of these vulnerabilities to take control of an affected device. These vulnerabilities have been detected being exploited in the wild.
Users and administrators should review the security update pages for the following products and apply the necessary updates as soon as possible:
1. macOS Monterey 12.3.1
- AppleAVD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking. Apple is aware of a report that this issue may have been actively exploited.
CVE-2022-22675: an anonymous researcher
- Intel Graphics Driver
Available for: macOS Monterey
Impact: An application may be able to read kernel memory
Description: An out-of-bounds read issue may lead to the disclosure of kernel memory and was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited.
CVE-2022-22674: an anonymous researcher
2. iOS 15.4.1 and iPadOS 15.4.1
- AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-22675: an anonymous researcher
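A fleet triage check built from the fixed versions listed above, as an added example that is not part of the original advisory or of Apple's tooling. The inventory rows, host names and status labels are constructed; it assumes a device on the same major release with a version lower than the fixed one still needs the update, and reports other major releases as not covered because this advisory does not list them.

```python
import re

# Fixed versions and CVE ids come from the advisory above.
FIXED = {
    # platform: (fixed version, CVEs addressed by that release)
    "macOS": ((12, 3, 1), ["CVE-2022-22674", "CVE-2022-22675"]),
    "iOS": ((15, 4, 1), ["CVE-2022-22675"]),
    "iPadOS": ((15, 4, 1), ["CVE-2022-22675"]),
}

def parse_version(text):
    """Turn '12.3' into (12, 3, 0); raise ValueError on anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text, re.ASCII):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def triage(platform, version):
    """Return (status, cves) for one device record."""
    if platform not in FIXED:
        return ("not-covered", [])
    fixed, cves = FIXED[platform]
    try:
        current = parse_version(version)
    except ValueError:
        # Do not guess: an unreadable version goes to a human.
        return ("check-manually", cves)
    if current[0] != fixed[0]:
        # The advisory only lists Monterey (12.x) and iOS/iPadOS 15.x.
        return ("not-covered", [])
    if current < fixed:
        return ("update-required", cves)
    return ("patched", [])

def report(inventory):
    """Map host -> triage result for (host, platform, version) rows."""
    return {host: triage(plat, ver) for host, plat, ver in inventory}

# Constructed sample inventory (hypothetical hosts, not real devices).
SAMPLE = [
    ("mbp-01", "macOS", "12.3"), ("mbp-02", "macOS", "12.3.1"),
    ("imac-03", "macOS", "11.6.5"), ("iphone-04", "iOS", "15.4"),
    ("ipad-05", "iPadOS", "15.4.1"), ("ipad-06", "iPadOS", "unknown"),
]

if __name__ == "__main__":
    for host, (status, cves) in report(SAMPLE).items():
        print(f"{host:10} {status:16} {', '.join(cves)}")
```
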
More Info:
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Source:
Apple Releases Security Updates | CISA
About the security content of macOS Monterey 12.3.1 - Apple Support
About the security content of iOS 15.4.1 and iPadOS 15.4.1 - Apple Support