Apple Rushes Out Patches for 0-Days in MacOS, iOS
2022-04-01 13:02

Apple rushed out patches on Thursday for two zero-days affecting macOS and iOS, both of which are likely under active exploitation and could allow a threat actor to disrupt or access kernel activity.

Apple released separate security updates for the bugs - a vulnerability affecting both macOS and iOS tracked as CVE-2022-22675 and a macOS flaw tracked as CVE-2022-22674.

Apple addressed the bug - which also may have been actively exploited - with improved input validation, the company said.

As is typical, Apple didn't disclose more specifics on the issues and what exploits may be occurring.

To start off 2022, in January, Apple patched two zero-day bugs, one in its device OSes and another in the WebKit engine at the foundation of its Safari browser.

Apple fixed another actively exploited WebKit bug, a use-after-free issue that allowed threat actors to execute arbitrary code on affected devices after they process maliciously crafted web content.


News URL

https://threatpost.com/apple-rushes-out-patches-0-days-macos-ios/179222/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-26 | CVE-2022-22675 | Out-of-bounds Write vulnerability in Apple products. An out-of-bounds write issue was addressed with improved bounds checking. (local; low complexity; apple; CWE-787) | 7.8 |
| 2022-05-26 | CVE-2022-22674 | Out-of-bounds Read vulnerability in Apple Mac OS X and macOS. An out-of-bounds read issue existed that led to the disclosure of kernel memory. (local; low complexity; apple; CWE-125) | 5.5 |

Related vendor

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Apple | 72 | 238 | 1567 | 2279 | 265 | 4349 |