How can we help?
Apple has released a patch for two critical vulnerabilities in macOS and iOS.
CVE-2022-22674 is an out-of-bounds read issue in the Intel graphics driver which could allow a local application to read kernel memory.
CVE-2022-22675 is an out-of-bounds write issue that could allow a local application to execute code as the kernel.
A malicious application could take complete control of the device.
Check the running version.
- macOS Monterey before 12.3.1
- iOS before 15.4.1
Containment, Mitigations & Remediations
Update to the latest version.
Indicators of Compromise
Apple reports that CVE-2022-22675 is being actively exploited in the wild and the Cybersecurity & Infrastructure Security Agency (CISA), an official government organisation in the United States, has added this to their exploit catalogue.
T1068 – Exploitation for Privilege Escalation