April 4, 2022
Apple Patches 2 Exploited in the Wild macOS 0-Days
Apple has released an emergency update to macOS ‘Monterey’, patching 2 exploited in the wild 0-day vulnerabilities, one of which allows for arbitrary code execution with kernel privileges.
- CVE-2022-22675 – An out-of-bounds write issue may allow an application to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- CVE-2022-22674 – An out-of-bounds read issue may lead to the disclosure of kernel memory. Apple is aware of a report that this issue may have been actively exploited.
- macOS ‘Monterey’ prior to version 12.3.1.
CYREBRO recommends updating macOS ‘Monterey’ to version 12.3.1 or newer to mitigate the vulnerabilities.