Apple patches fourth and fifth zero-days of 2022 for macOS, iOS, and iPadOS
On Thursday, March 31, Apple released patches to fix two zero-day vulnerabilities in macOS, iOS, and iPadOS.
A vulnerability in AppleAVD (CVE-2022-22675), Apple’s audio and video decoding framework, affects all three operating systems and may have been actively exploited. When exploited, the vulnerability may allow a threat actor to execute arbitrary code with kernel privileges.
A second vulnerability, CVE-2022-22674, is an out-of-bounds read issue with the Intel Graphics Driver that may allow an application to view kernel memory. This affects only macOS, and may have also been exploited in the wild.
Why are kernel-related vulnerabilities dangerous?
Kernel-related exploitations can be particularly dangerous as the kernel is a central component to operating systems (OS) that connects the physical hardware (CPU, memory, etc.) with the software on the operating system. If an attacker can obtain kernel-level privileges they may be able to control any part of the OS, execute code in sensitive memory regions, and control most processes.
macOS update details and recommended remediation
Apple released macOS Monterey 12.3.1 to remediate two potentially actively-exploited vulnerabilities:
CVE-2022-22675, the AppleAVD vulnerability that may lead to arbitrary code execution with kernel privileges
CVE-2022-22674, an out-of-bounds read vulnerability in the Intel Graphics driver that may allow an application to read kernel memory
Additional details can be found in Apple’s macOS security update.
If you’re running macOS Monterey, be sure to update your systems as Apple notes both vulnerabilities may have been exploited in the wild already. If you’re an Automox customer with vulnerable devices, and have an existing patch policy for them, they should patch at the next scheduled update after a scan.
iOS and iPadOS update details and recommended remediation
Apple released iOS and iPadOS 15.4.1 to remediate the actively-exploited vulnerability in Apple AVD, CVE-2022-22675, that may allow for arbitrary code execution with kernel privileges. Additional details on the vulnerability can be found on Apple’s iOS security update.
If you have vulnerable iOS or iPadOS devices in your organization, we recommend enforcing a software update to remediate this vulnerability, which may be actively exploited.
Apple zero-day history
These zero-days bring Apple’s 2022 total to five, including this Webkit browser engine flaw that we previously covered in February. According to Threatpost, Apple released patches for a total of 12 zero-days in 2021, so we’re likely to meet or exceed that number in 2022, if you believe we’ll continue at the same rate.
You’re likely running more than just Apple in your environment, so the only way to proactively protect against threats (and keep yourself sane) is to adopt automated patching across your organization. There are simply too many devices, applications, and users today to accept anything else.
Automox for Easy IT Operations
Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.
Demo Automox and join thousands of companies transforming IT operations into a strategic business driver.