On Thursday, Apple announced the security patches iOS 15.4.1, iPadOS 15.4.1, and macOS 12.3.1 to address zero-day vulnerabilities that are apparently being exploited by hackers.
A zero-day vulnerability is a software flaw that is either unknown to the people who should be concerned with mitigating it, or known but still without a patch to fix it.
The company stated:
“an out-of-bounds write issue was addressed with improved bounds checking.” Without that patch, “an application may be able to execute arbitrary code with kernel privileges,” and Apple is “aware of a report that this issue may have been actively exploited.”
CVE-2022-22674 and CVE-2022-22675 were previously disclosed by anonymous security researchers. The vulnerability reported in these issues is said to impact every iPhone launched after 2015, the seventh-generation iPod touch, and the most current iPad, iPad mini, iPad Pro, and iPad Air devices.
Apple patched the aforementioned flaws in iOS 15.4.1, iPadOS 15.4.1, and macOS Monterey 12.3.1 with enhanced input validation and bounds checking.
The company confirmed that there might be active exploitation in the wild, but no additional information was provided.
Apple has already released several updates this year to address previously reported zero-day vulnerabilities.
Although this vulnerability seems to affect only certain devices, we recommend that users of all Apple devices apply today's security upgrades to avoid being targeted by an exploit.
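For administrators who track device versions in an inventory, the sketch below flags records that are still below the fixed releases named above. It is an added example, not Apple's tooling: the inventory rows, hostnames, and function names are constructed for illustration, and it assumes that any iOS or iPadOS version lower than 15.4.1 needs the update, while macOS releases outside Monterey (12.x) are reported as unknown because the article does not cover them.

```python
import re

# Fixed releases as named in the article (macOS entry is Monterey).
FIXED = {"iOS": (15, 4, 1), "iPadOS": (15, 4, 1), "macOS": (12, 3, 1)}

def parse_version(text):
    """Turn '15.4' or '12.3.1' into a 3-tuple of ints, padding with zeros."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text, flags=re.ASCII):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def patch_status(platform, version):
    """Return 'patched', 'needs-update' or 'unknown' for one device record."""
    fixed = FIXED.get(platform)
    if fixed is None:
        return "unknown"          # platform not mentioned in the article
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown"          # malformed inventory data, review by hand
    # Assumption: only Monterey (12.x) is judged for macOS; the article
    # names no fixed release for other macOS major versions.
    if platform == "macOS" and current[0] != fixed[0]:
        return "unknown"
    return "patched" if current >= fixed else "needs-update"

def audit(inventory):
    """Map each hostname to its patch status."""
    return {host: patch_status(plat, ver) for host, plat, ver in inventory}

# Constructed sample inventory: (hostname, platform, reported OS version).
SAMPLE_INVENTORY = [
    ("iphone-01", "iOS", "15.4.1"),
    ("iphone-02", "iOS", "15.4"),
    ("ipad-01", "iPadOS", "15.3.1"),
    ("mac-01", "macOS", "12.3.1"),
    ("mac-02", "macOS", "12.3"),
    ("mac-03", "macOS", "11.6.5"),
    ("watch-01", "watchOS", "8.5"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Records that come back as unknown should be checked against Apple's own security release notes rather than assumed safe.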