Get in Touch
Please get in touch using the form below.
Apple patches two zero-days
Overview
Apple has released a patch for two critical vulnerabilities in macOS and iOS.
CVE-2022-22674 is an out-of-bounds read issue in the Intel graphics driver which could allow a local application to read kernel memory.
CVE-2022-22675 is an out-of-bounds write issue that could allow a local application to execute code as the kernel.
Impact
A malicious application could take complete control of the device.
Vulnerability Detection
Check the running version.
Affected Products
- macOS Monterey before 12.3.1
- iOS before 15.4.1
Containment, Mitigations & Remediations
Update to the latest version.
Indicators of Compromise
None listed.
Threat Landscape
Apple reports that CVE-2022-22675 is being actively exploited in the wild and the Cybersecurity & Infrastructure Security Agency (CISA), an official government organisation in the United States, has added this to their exploit catalogue.
Mitre Methodologies
T1068 – Exploitation for Privilege Escalation
Further Information
About the security content of iOS 15.4.1 and iPadOS 15.4.1
About the security content of macOS Monterey 12.3.1