Apple releases fixes for two zero-day exploits affecting Macs, iPhones, and iPads

Last updated May 2, 2022

Apple released patches for two zero-day vulnerabilities last Thursday, March 31, 2022. These exploits impact macOS 12.3 and iOS 15.4. At the time of writing, both updates were listed as “reserved” with very little information available.

  • CVE-2022-22675 reportedly relates to an out-of-bounds write issue in the AppleAVD media decoder. The patch improves bounds checking to address this issue.
  • CVE-2022-22674 is reported to be an out-of-bounds read issue impacting Intel Graphics Drivers that could lead to the disclosure of kernel memory. The patch improves input validation to stop the exploit.

There are unconfirmed reports of these zero-days being actively exploited. When zero-day patches are released with very little confirmed information, it often means the security impact is significant. We highly recommend that you update to macOS 12.3.1 and iOS 15.4.1 as soon as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *

See Why Apple Admins Prefer SimpleMDM

Start My FREE 30-Day Trial Now
  • New MDM Features Coming in iOS 15 and macOS 12 Monterey

    By on June 8, 2021
    Read more
  • New MDM Features Coming in macOS 11 Big Sur & iOS 14

    By on June 22, 2020
    Read more
  • New MDM Features Coming in iOS 13 & macOS Catalina 10.15

    By on June 3, 2019
    Read more

See Why Apple Admins Prefer SimpleMDM No strings. No Spam.

Start My 30-Day Free Trial Now