Apple releases emergency update to fix zero-day vulnerabilities that can hack iPhones and Macs



On March 31, 2022, Apple released an update that fixes two vulnerabilities that could illegally extract information from iPhone, iPad, and Mac and execute arbitrary commands. did.

About the security content of iOS 15.4.1 and iPadOS 15.4.1 --Apple Support
https://support.apple.com/en-us/HT213219

About the security content of macOS Monterey 12.3.1 --Apple Support
https://support.apple.com/en-us/HT213220

Apple emergency update fixes zero-days used to hack iPhones, Macs
https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-days-used-to-hack-iphones-macs/

The security update released by Apple this time is 'CVE-2022-22674' which is an out-of- bounds write problem of Intel Graphics Driver that allows the application to read the kernel memory, and Apple AVD of the media decoder allows the application to be arbitrary with kernel privileges. It is intended to fix the 'CVE-2022-22675' out-of-bounds write issue where code can be executed.

These bugs were reported by anonymous security researchers. Apple has addressed this issue with iOS 15.4.1, iPadOS 15.4.1, and macOS Monterey 12.3.1. 'We're seeing reports that this issue may have been actively abused,' Apple said, calling for an immediate update.

Target devices other than Macs with macOS Monterey installed are iPhone 6s or later, all iPad Pro models, iPad Air 2 or later, 5th generation or later iPad, iPad mini 4 or later, and 7th generation iPod touch.

in Security, Posted by log1l_ks