Security News > 2022 > January > Apple Releases iOS and macOS Updates to Patch Actively Exploited 0-Day Vulnerability
Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to execute arbitrary code with kernel privileges.
The iPhone maker said it's "Aware of a report that this issue may have been actively exploited," adding it addressed the issue with improved input validation.
CVE-2022-22585 - A path validation issue in iCloud that could be exploited be a rogue application to access a user's files.
CVE-2022-22591 - A memory corruption issue in Intel Graphics Driver that could be abused by a malicious application to execute arbitrary code with kernel privileges.
CVE-2022-22593 - A buffer overflow issue in Kernel that could be abused by a malicious application to execute arbitrary code with kernel privileges.
The updates are available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, iPod touch, and macOS devices running Big Sur, Catalina, and Monterey.
News URL
https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html
Related news
- Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Global Pressure Mounts for Apple as Brazilian Court Demands iOS Sideloading Within 90 Days (source)
- Cisco IOS XR vulnerability lets attackers crash BGP on routers (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Apple Rolls Out iOS 18.4 With New Languages, Emojis & Apple Intelligence in the EU (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-18 | CVE-2022-22593 | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
| 2022-03-18 | CVE-2022-22591 | Out-of-bounds Write vulnerability in Apple Macos 12.0.0/12.0.1/12.1 A memory corruption issue was addressed with improved memory handling. | 7.8 |
| 2022-03-18 | CVE-2022-22587 | Out-of-bounds Write vulnerability in Apple Iphone OS and Macos A memory corruption issue was addressed with improved input validation. | 9.8 |
| 2022-03-18 | CVE-2022-22585 | Link Following vulnerability in Apple products An issue existed within the path validation logic for symlinks. | 7.5 |