Apple releases fixes for zero-day exploits for macOS & iOS

Kirk Hammond | April 4, 2022

Apple released patches for two zero-day vulnerabilities last Thursday, March 31, 2022. These vulnerabilities affect macOS 12.3 and iOS 15.4. At the time of writing, both CVEs were listed as “reserved” with very little information available.

  • CVE-2022-22675: reportedly relates to an out-of-bounds write issue in the AppleAVD media decoder. The patch improves bounds checking to address this issue.

  • CVE-2022-22674: reportedly an out-of-bounds read issue impacting Intel Graphics Drivers that could lead to the disclosure of kernel memory. The patch improves input validation to stop the exploit.

There are unconfirmed reports of these zero-days being actively exploited. When zero-day patches are released with very little confirmed information, it often means the security impact is significant. We highly recommend that you update to macOS 12.3.1 and iOS 15.4.1 as soon as possible.


Kirk is a seasoned sysadmin with a thirst for knowledge and drive to improve the environments he works in. He was a PDQ employee.
