Apple Patches 2 Exploited in the Wild macOS 0-Days 

April 4, 2022 

Apple has released an emergency update to macOS ‘Monterey’ that patches 2 0-day vulnerabilities exploited in the wild, one of which allows arbitrary code execution with kernel privileges.

The Vulnerabilities

  • CVE-2022-22675 – An out-of-bounds write issue may allow an application to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
  • CVE-2022-22674 – An out-of-bounds read issue may lead to the disclosure of kernel memory. Apple is aware of a report that this issue may have been actively exploited.

Vulnerable Products

  • macOS ‘Monterey’ prior to version 12.3.1.

Mitigation

CYREBRO recommends updating macOS ‘Monterey’ to version 12.3.1 or newer to mitigate the vulnerabilities.
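To verify the mitigation across a fleet, the version strings reported by each Mac can be compared against the fixed release. The following is an added example, not part of the original advisory; the function names and the sample inventory are hypothetical, and versions outside macOS 12 are reported as out of scope because this advisory only covers Monterey.

```shell
#!/bin/sh
# Added example: classify a macOS version string against the fixed release
# named in this advisory. Function names and sample hosts are hypothetical.

FIXED_VERSION="12.3.1"   # advisory: Monterey prior to 12.3.1 is vulnerable

# part VERSION N: print the Nth dotted component, or 0 when it is absent,
# so that "12.3" is treated as 12.3.0.
part() {
    p=$(printf '%s..' "$1" | cut -d. -f"$2")
    printf '%s' "${p:-0}"
}

# version_lt A B: succeed when A is numerically lower than B.
# Components are compared as integers, so 12.10 sorts after 12.3.
version_lt() {
    for i in 1 2 3; do
        x=$(part "$1" "$i"); y=$(part "$2" "$i")
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "lower"
}

# monterey_patch_status VERSION: print one of
#   vulnerable | patched | out-of-scope | unknown
monterey_patch_status() {
    v=$1
    # Reject empty or malformed input instead of guessing.
    case "$v" in
        ''|*[!0-9.]*|.*|*..*) echo "unknown"; return 0 ;;
    esac
    if [ "$(part "$v" 1)" -ne 12 ]; then
        echo "out-of-scope"      # not Monterey; not covered by this advisory
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Constructed sample inventory: host name and reported macOS version.
for entry in "mac-a:12.2.1" "mac-b:12.3" "mac-c:12.3.1" "mac-d:11.6.5"; do
    printf '%s %s\n' "${entry%%:*}" "$(monterey_patch_status "${entry#*:}")"
done
```

On a Mac, the local version can be supplied with `monterey_patch_status "$(sw_vers -productVersion)"`.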

References: Apple Advisory