Apple patches two zero-days

Overview

Apple has released a patch for two critical vulnerabilities in macOS and iOS.

CVE-2022-22674 is an out-of-bounds read issue in the Intel graphics driver which could allow a local application to read kernel memory.

CVE-2022-22675 is an out-of-bounds write issue that could allow a local application to execute code as the kernel.

Impact

A malicious application could take complete control of the device.

Vulnerability Detection

Check the running version.

Affected Products

• macOS Monterey before 12.3.1
• iOS before 15.4.1

Containment, Mitigations & Remediations

Update to the latest version.

Indicators of Compromise

None listed.

Threat Landscape

Apple reports that CVE-2022-22675 is being actively exploited in the wild and the Cybersecurity & Infrastructure Security Agency (CISA), an official government organisation in the United States, has added this to their exploit catalogue.

Mitre Methodologies

T1068 – Exploitation for Privilege Escalation

Further Information

About the security content of iOS 15.4.1 and iPadOS 15.4.1
About the security content of macOS Monterey 12.3.1