Apple on Thursday released fixes for two critical zero-day vulnerabilities affecting Phone, iPad, and Macintosh that give hackers access to the internals of the OSes which the devices run.
Apple credited an anonymous researcher with discovering both vulnerabilities. The first vulnerability, CVE-2022-22675, resides in macOS for Monterey and in iOS or iPadOS for most iPhone and iPad models. The flaw, which stems from an out-of-bounds write issue, gives hackers the ability to execute malicious code that runs with privileges of the kernel, the most security-sensitive region of the OS.
CVE-2022-22674, meanwhile, also results from an out-of-bounds read issue that can lead to the disclosure of kernel memory.
CVE-2022-22674 and CVE-2022-22675 are the fourth and fifth zero-days Apple has patched this year.
MacDailyNews Take: Plus, iOS 15.4.1, iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1 are all snappy!
Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!