Apple’s latest iOS and macOS updates patch two zero-day vulnerabilities
Apple has rolled out updates for its mobile, tablet and office operating systems, and they come with a fix for two zero-day vulnerabilities. As Ars-Technica notes, bugs can give bad actors access to operating systems internals if exploited. Apple said in its release notes that it is aware of “a report that [the issues] may have been actively exploited,” but it did not say whether it found any bugs used to gain access to customer devices. The tech giant attributes the discovery of the vulnerabilities to “an anonymous researcher.”
One of the vulnerabilities called CVE-2022-22675 affects all three operating systems and gives hackers a way to execute malicious code with kernel privileges. This means that they can gain full access to their target’s system and hardware. The other vulnerability, CVE-2022-22674, affects macOS and could lead to “kernel memory disclosure” or the memory used by an operating system. These are the fourth and fifth zero days that Apple has patched this year so far, including one that can be exploited to track sensitive user information.
In addition to fixing the zero-day vulnerability affecting iPhones, iOS 15.4.1 also remedies a problem caused by the previous update. Apparently, iOS 15.4 came out with a bug that could cause an iPhone to drain battery faster than expected. The update fixes an issue that could also cause Braille devices to become unresponsive.