Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Apple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS, - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS,

Apple today patched two flaws in macOS. One of the flaws has also been fixed for iOS and iPadOS. The AppleAVD flaw patched in across all the operating systems is critical as it allows arbitrary code execution with kernel privileges, and the flaw has been actively exploited.

The second vulnerability, an out-of-bounds read issue for kernel memory, only affects macOS and may be useful to exploit other vulnerabilities.

You probably should patch quickly given that the more severe flaw is already being exploited. 

Catalina BigSur Monterey tvOS iOS/iPadOS watchOS
CVE-2022-22675 [Critical] AppleAVD
An out-of-bounds write issue was addressed with improved bounds checking.
An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
    x   x  
CVE-2022-22674 [important] Intel Graphics Driver
An out-of-bounds read issue may lead to the disclosure of kernel memory and was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited.
An application may be able to read kernel memory
    x      

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANSFIRE 2022

Johannes

4510 Posts
ISC Handler
Mar 31st 2022

Sign Up for Free or Log In to start participating in the conversation!