Apple just patched a whole load of iPad, macOS and iPhone security bugs, so update now

Two zero-days among the patched Apple flaws

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Applehas fixed two zero-days that have allegedly been abused in the wild affecting itsiPhone, iPad, and Mac devices.

In a security advisory published by the company, Apple said the patch fixed CVE-2022-22674, and CVE-2022-22675. The former is an out-of-bounds write vulnerability in theIntelGraphics Driver that allows apps to read kernel memory, while the latter is an out-of-bounds read issue in the AppleAVD media decoder allowing apps to execute arbitrary code with kernel privileges.

Apple says the flaws might have been exploited in the wild, most likely foridentity theftand other fraudulent activity, so users are urged to update theiroperating systemsto the newest version as soon as possible: iOS 15.4.1, iPadOS 15.4.1, and macOS Monterey 12.3.1.

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time. Thank you for taking part.

Click here to start the survey in a new window«

Looking for zero-days

All iPhone models from the iPhone 6 upwards are affected, as well as alliPad Promodels, all iPad Airs, from 2 onwards, as well as all iPads, from the 5th generation. iPad mini 4 and newer, and iPod touch 7th generation and newer, are all affected.

Threat actors are always on the lookout for software vulnerabilities, with Apple also recently pushing an OS update for theApple Watch, iPhone, and iPad to fix an exploit being actively abused in the wild.

The exploit was found byGoogle’s Project Zero team and impacts WebKit – the browser engine that Apple used to buildSafari.

Apple releases emergency iOS and macOS security patch - so update now>Patch your iPhone and iPad: Apple security update stamps out active exploit>Apple releases urgent security fix for iPhone and Mac devices

In September 2021, the company also had to issue an urgent update to patch a zero-day arbitrary code execution in iOS and macOS devices, tracked as CVE-2021-30869, which was also being abused in the wild.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Although Apple hasn’t shared much details about the vulnerability citing customer’s protection, it did mention that the bug exists in Apple’sopen sourceXNU operating system kernel.

Apple reportedly has had to deal with several zero-days off late, many of whom have been used in attacks against iOS and macOS devices, the most notorious being the ones exploited to install Pegasus spyware on iPhones.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Nokia confirms data breach leaked third-party code, but its data is safe

Rising AI threats are making firms turn back to human intelligence

3 reasons why PIA fell in our best VPN rankings