Apple has released security updates for Apple iOS 15.5, iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, tvOS 15.5, watchOS 8.6, and other products.
Apple is aware of known exploits in the wild for a zero-day vulnerability CVE-2022-22675 that affects macOS Big Sur, watchOS, and tvOS.
A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.
“Apple is aware of a report that this issue may have been actively exploited,” Apple wrote in each of the advisories.
Each of the Apple updates address an out-of-bounds write issue, which could allow an application to execute arbitrary code with kernel privileges.
iOS 15.5 and iPadOS 15.5
The latest iOS 15.5 and iPadOS 15.5 security update released on May 16, 2022 addressed 34 vulnerabilities, 8 of those may allow an attacker to execute arbitrary code with kernel privileges.
The update is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Apple also released a security update for macOS Monterey 12.4 that patched a large number (72) of vulnerabilities, 7 that could allow a malicious application to execute arbitrary code with kernel privileges.
Moreover, the updates fixed other vulnerabilities in CVMS (2) and Appkit (1) that could enable a malicious application to gain root privileges.
Other Apple updates
Finally, Apple released additional security updates in the following Apple products:
- iTunes 12.12.4 for Windows (for Windows 10 and later)
- Security Update 2022-004 Catalina (for macOS Catalina)
- Safari 15.5 (for macOS Big Sur and macOS Catalina)
- Xcode 13.4 (macOS Monterey 12 and later).
Readers can check out the Apple’s Security Updates page for more details.
- Apple fixes zero-day vulnerabilities in iOS 15.4.1 and macOS Monterey 12.3.1 (with active exploits in the wild)
- Apple releases security updates for iOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3 and other products
- Microsoft May 2022 Security Updates addresses 73 vulnerabilities (7 rated Critical, 1 zero-day)