Apple April 2022 Security Update, two high severity zero-day flaws tracked as “CVE-2022-22674” and “CVE-2022-22675” have been reported in Apple macOS and iOS. Apple has released patches for these two zero-day CVEs affecting macOS and iOS. A critical vulnerability is, therefore, present in Apple macOS and iOS up to 15.4.0 (Smartphone Operating System). You can detect and remediate these vulnerabilities with an effective vulnerability management tool and patch management tool.
“Apple is aware of a report that this issue may have been in active exploitation.” Moreover, It refers to what it describes as an “Out of bounds read and write” flaw. An anonymous researcher is identifying the flaw.
Apple fixes high severity vulnerability 2022 Zero days CVEs
Apple fixes high severity vulnerability 2022; these CVEs are Apple’s fourth and fifth zero-day vulnerabilities this year. In January 2022, Apple patched two zero-day flaws that involved code execution flaws—also issued one patch for high severity WebKit flaw that allows an attacker to use malicious web content to finally execute malicious code.
Affected Products: macOS, iOS
Affected version: macOS, iOS up to 15.4.0
CVE: CVE-2022-22674
Available for: macOS Monterey
Description: An out-of-bounds read issue in Intel Graphic Driver may lead to the disclosure of kernel memory and be with improving input validation, which can be active exploitation.
Impact: Successful exploitation may allow attackers to read kernel memory. However, the manipulation with an unknown input may lead to memory corruption vulnerability.
Severity: High
Apple fixes high severity vulnerability 2022
CVE: CVE-2022-22675
Available for: macOS Monterey
Description: An out-of-bounds write issue was addressed with improved bounds checking. This issue affects an unknown code of the component AppleAVD.
Impact: Successful exploitation may allow attackers to therefore execute arbitrary code with kernel privileges.
Severity: High
SanerNow VM and SanerNow PM detect these vulnerabilities and therefore, automatically fix them using security updates. Use SanerNow and keep your systems updated and secure.