Apple Rushes Out Patches for 0-Days in MacOS, iOS
Apple rushed out patches for two zero-days affecting macOS and iOS Thursday, both of which are likely under active exploitation and could allow a threat actor to disrupt or access kernel activity.
Apple released separate security updates for the bugs - a vulnerability affecting both macOS and iOS tracked as CVE-2022-22675 and a macOS flaw tracked as CVE-2022-22674.
Apple addressed the bug - which also may have been actively exploited - with improved input validation, the company said.
As is typical, Apple didn't disclose more specifics on the issues and what exploits may be occurring.
To start off 2022, in January, Apple patched two zero-day bugs, one in its device OSes and another in the WebKit engine at the foundation of its Safari browser.
Apple fixed another actively exploited WebKit bug, a use-after-free issue that allowed threat actors to execute arbitrary code on affected devices after they process maliciously crafted web content.
News URL
https://threatpost.com/apple-rushes-out-patches-0-days-macos-ios/179222/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-26 | CVE-2022-22675 | Out-of-bounds Write vulnerability in Apple products. An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-22674 | Out-of-bounds Read vulnerability in Apple Mac OS X and macOS. An out-of-bounds read issue existed that led to the disclosure of kernel memory. | 5.5 |