Apple patches vulnerabilities in multiple products (CVE-2022-22675 exploited in the wild)

Apple has released security updates for Apple iOS 15.5, iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, tvOS 15.5, watchOS 8.6, and other products.

Apple is aware of known exploits in the wild for a zero-day vulnerability CVE-2022-22675 that affects macOS Big Sur, watchOS, and tvOS.

A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.

Zero-day CVE-2022-22675

According to Apple, CVE-2022-22675 has been patched in macOS Big Sur 11.6.6, tvOS 15.5, and watchOS 8.6.

“Apple is aware of a report that this issue may have been actively exploited,” Apple wrote in each of the advisories.

Each of the Apple updates address an out-of-bounds write issue, which could allow an application to execute arbitrary code with kernel privileges.

iOS 15.5 and iPadOS 15.5

The latest iOS 15.5 and iPadOS 15.5 security update released on May 16, 2022 addressed 34 vulnerabilities, 8 of those may allow an attacker to execute arbitrary code with kernel privileges.

The update is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

macOS Monterey

Apple also released a security update for macOS Monterey 12.4 that patched a large number (72) of vulnerabilities, 7 that could allow a malicious application to execute arbitrary code with kernel privileges.

Moreover, the updates fixed other vulnerabilities in CVMS (2) and Appkit (1) that could enable a malicious application to gain root privileges.

Other Apple updates

Finally, Apple released additional security updates in the following Apple products:

Readers can check out the Apple’s Security Updates page for more details.

Related Articles