Critical Vulnerability in macOS and iOS

Date: Monday, April 4, 2022 - 15:30

Two critical zero-day vulnerabilities have been identified that require the immediate attention of anyone using a Macintosh computer, iPhone, or iPad.

Threat:

Apple released separate security updates for two vulnerabilities that affect the macOS, iOS, and iPadOS operating systems. The zero-day vulnerability that affects both macOS and iOS is tracked as CVE-2022-22675, and the one that affects Macs (a macOS zero-day flaw) is tracked as CVE-2022-22674. Successful exploitation of CVE-2022-22675 could allow an application to execute arbitrary code with kernel privileges. Successful exploitation of CVE-2022-22674 could allow an application to read kernel memory. Both of these may have already been exploited.

Permanent mitigation:

If you are running macOS Monterey, update to version 12.3.1 or higher. 
If you have an iPhone 6s or later, iPad Pro (all models), iPad Air 2 or later, iPad 5th generation or later, iPad mini 4 or later, or iPod touch (7th generation), update to iOS 15.4.1 or iPadOS 15.4.1 or higher.
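
For anyone managing more than one device, the version thresholds above can be checked against an inventory export. The following is an added example, not part of the original advisory; the CSV layout, hostnames, and status labels are assumptions made for illustration.

```python
import csv
import io

# Minimum fixed versions taken from the advisory text.
MIN_FIXED = {
    "macos": (12, 3, 1),
    "ios": (15, 4, 1),
    "ipados": (15, 4, 1),
}

def parse_version(text):
    """Turn '12.3' into (12, 3, 0); return None if it is not dotted numeric."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def patch_status(os_name, version_text):
    """Classify one device as patched / needs_update / not_covered / unknown."""
    key = os_name.strip().lower()
    minimum = MIN_FIXED.get(key)
    if minimum is None:
        return "not_covered"
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # The advisory only addresses macOS Monterey (12.x); older macOS
    # releases are outside what it states, so they are flagged separately.
    if key == "macos" and version[0] < 12:
        return "not_covered"
    return "patched" if version >= minimum else "needs_update"

# Constructed sample inventory export (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,os,version
lab-mac-01,macOS,12.3
lab-mac-02,macOS,12.3.1
lab-mac-03,macOS,11.6.5
staff-iphone-07,iOS,15.4
staff-ipad-02,iPadOS,15.4.1
kiosk-ipad-09,iPadOS,15.x
"""

def audit(csv_text):
    """Return {host: status} for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: patch_status(r["os"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:18} {status}")
```

Devices reported as `not_covered` or `unknown` need a manual look, since the advisory gives no guidance for them.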

Temporary mitigation:

None. 

More information:

Apple Security Updates Information - https://support.apple.com/en-us/HT201222 
About the security content of iOS 15.4.1 and iPadOS 15.4.1 - https://support.apple.com/en-us/HT213219
About the security content of macOS Monterey 12.3.1 - https://support.apple.com/en-us/HT213220
https://9to5mac.com/2022/03/31/apple-fixes-multiple-zero-day-exploits-with-ios-15-4-1-and-macos-12-3-1/
https://www.techtimes.com/articles/273774/20220401/apple-launches-two-fixes-zero-day-vulnerabilities-affecting-iphones-mac.htm
https://arstechnica.com/information-technology/2022/03/apple-rushes-out-patches-for-two-zero-days-threatening-ios-and-macos-users/
https://threatpost.com/apple-rushes-out-patches-0-days-macos-ios/179222/
