Apple fixes zero-day vulnerabilities in iOS 15.4.1 and macOS Monterey 12.3.1 (with active exploits in the wild)

binary, code, binary code-4791836.jpg

Apple has released security updates for Apple iOS 15.4.1, iPadOS 15.4.1 and macOS Monterey 12.3.1 products. Apple is aware of known exploits in the wild for a zero-day vulnerabilities CVE-2022-22675 and CVE-2022-22674.

A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.

iOS 15.4.1 and iPadOS 15.4.1

The latest iOS 15.4.1 and iPadOS 15.4.1 security update released on March 31, 2022 addressed just one zero-day vulnerability CVE-2022-22675 that could allow an attacker to execute arbitrary code with kernel privileges.

“Apple is aware of a report that this issue may have been actively exploited,” Apple warned in the advisory.

The update is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

macOS security updates

Apple also released a security update for macOS Monterey 12.3.1 that patched the same zero-day vulnerability patched in iOS CVE-2022-22675, as well as another zero-day CVE-2022-22674 that could lead to the disclosure of kernel memory.

Apple is also aware of these vulnerabilities being exploited in the wild.

Update 4/8/22: this article was updated to correct CVE zero-day vulnerabilities (CVE-2022-22675 and CVE-22674) listed under macOS security updates.