Apple patches zero-day kernel hole and much more – update now!

The bug fixes for iPhones and iPads include remote code execution flaws in components from the kernel itself to Apple's image rendering library, graphics drivers, video processing modules and more.
Apple's descriptions of several of these bugs warn that "a malicious application may be able to execute arbitrary code with kernel privileges".
Macs get patches for many of the same bugs listed above in the iPhone and iPad section.
Like Big Sur, the latest tvOS update fixes CVE-2022-22675, the in-the-wild kernel-level RCE bug described above.
Despite the significantly different version number from tvOS, Apple Watch users also get a patch for the zero-day video decoding bug CVE-2022-22675.
Apple isn't saying what sort of content, but given that the bug is in WebKit, the web rendering engine, rather than one of Apple's multimedia libraries, we're guessing the bug relates to the handling of web-specific data such as HTML, CSS or JavaScript.
Related news
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- We call this kernel saunters: How Apple rearranged its XNU core with exclaves (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-26 | CVE-2022-22675 | Out-of-bounds Write vulnerability in Apple products. An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |