If you use Apple devices, be sure to patch your operating systems as soon as possible. The Cupertino company has just plugged two zero-day flaws actively exploited by hackers. Both resulted from a lack of bounds checking. The first (CVE-2022-22675) concerns macOS, iOS and iPadOS. It was located in the AppleAVD audio/video decoding module and allowed executing arbitrary code in the kernel. The second (CVE-2022-22674) only concerns macOS and was in the Intel Graphics driver. It allowed to read data in the memory of the kernel.
Also see video:
In both cases, the problem was fixed by adding the necessary checks in the code. To take advantage of these fixes, you must download the macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1 updates. On the other hand, Apple does not give any details on the cyberattacks that have been carried out with these flaws. In total, the company has already corrected – since the beginning of the year – four zero-day flaws exploited by hackers.
Sources: Alerts iOS/iPadOS and macOS