Apple patches zero-day kernel hole and much more – update now!
The bug fixes for iPhones and iPads include remote code execution flaws in components from the kernel itself to Apple's image rendering library, graphics drivers, video processing modules and more.
The entries for several of these bugs warn that "a malicious application may be able to execute arbitrary code with kernel privileges".
Macs get patches for many of the same bugs listed above in the iPhone and iPad section.
Like Big Sur, the latest tvOS update fixes CVE-2022-22675, the in-the-wild kernel-level RCE bug described above.
Despite the significantly different version number from tvOS, Apple Watch users also get a patch for the zero-day video decoding bug CVE-2022-22675.
Apple isn't saying what sort of content, but given that the bug is in WebKit, the web rendering engine, rather than one of Apple's multimedia libraries, we're guessing the bug relates to the handling of web-specific data such as HTML, CSS or JavaScript.
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-26 | CVE-2022-22675 | Out-of-bounds Write vulnerability in Apple products. An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |