Apple releases fixes for two zero-day exploits affecting Macs, iPhones, and iPads

Last updated May 2, 2022

Apple released patches for two zero-day vulnerabilities last Thursday, March 31, 2022. These exploits impact macOS 12.3 and iOS 15.4. At the time of writing, both updates were listed as “reserved” with very little information available.

• CVE-2022-22675 reportedly relates to an out-of-bounds write issue in the AppleAVD media decoder. The patch improves bounds checking to address this issue.
• CVE-2022-22674 is reported to be an out-of-bounds read issue impacting Intel Graphics Drivers that could lead to the disclosure of kernel memory. The patch improves input validation to stop the exploit.

There are unconfirmed reports of these zero-days being actively exploited. When zero-day patches are released with very little confirmed information, it often means the security impact is significant. We highly recommend that you update to macOS 12.3.1 and iOS 15.4.1 as soon as possible.