Security News > 2022 > May > Apple patches zero-day kernel hole and much more – update now!

Apple patches zero-day kernel hole and much more – update now!
2022-05-17 18:30

The bug fixes for iPhones and iPads include remote code execution flaws in components from the kernel itself to Apple's image rendering library, graphics drivers, video processing modules and more.

Several of these bugs warn that "a malicious application may be able to execute arbitrary code with kernel privileges".

Macs get patches for many of the same bugs listed above in the iPhone and iPad section.

Like Big Sur, the latest tvOS update fixes CVE-2022-22675, the in-the-wild kernel-level RCE bug described above.

Despite the significantly different version number from tvOS, Apple Watch users also get a patch for the zero-day video decoding bug CVE-2022-22675.

Apple isn't saying what sort of content, but given that the bug is in WebKit, the web rendering engine, rather than one of Apple's multimedia libraries, we're guessing the bug relates to the handling of web-specific data such as HTML, CSS or JavaScript.


News URL

https://nakedsecurity.sophos.com/2022/05/17/apple-patches-zero-day-kernel-hole-and-much-more-update-now/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-05-26 CVE-2022-22675 Out-of-bounds Write vulnerability in Apple products
An out-of-bounds write issue was addressed with improved bounds checking.
local
low complexity
apple CWE-787
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349
Kernel 3 0 7 4 1 12