Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days
May 17, 2022
Apple has released security updates to address 2 zero-day vulnerabilities actively exploited in the wild in attacks targeting Macs and Apple Watch devices.
Overall, Apple has patched 50 vulnerabilities in Apple macOS Big Sur 11.6.6, including several arbitrary code execution and privilege escalation vulnerabilities, affecting several products.
The full updated products list can be found on the Apple security updates page.
The Zero-Day Vulnerabilities
The zero-day vulnerabilities patched in macOS Big Sur 11.6.6 are in 2 different drivers and have 2 CVEs:
- CVE-2022-22674 – An out-of-bounds read issue that may lead to the disclosure of kernel memory.
- CVE-2022-22675 – An out-of-bounds write issue that may lead to arbitrary code execution with kernel privileges.
Vulnerable Products
- macOS Big Sur prior to version 11.6.6.
- watchOS prior to version 8.6.
- tvOS prior to version 15.5.
Mitigation
CYREBRO recommends updating relevant products to the latest available releases in accordance with Apple’s advisory.
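To find which devices still need the update, an asset inventory can be triaged against the fixed versions listed above. The following is an added example, not part of the original advisory or any Apple or CYREBRO tooling; the inventory rows, host names and status labels are constructed for illustration.

```python
# Fixed releases as stated in the advisory above.
FIXED = {
    "macos": (11, 6, 6),    # applies to the Big Sur line only (major version 11)
    "watchos": (8, 6, 0),
    "tvos": (15, 5, 0),
}

def parse_version(text):
    """Turn '11.6' or '11.6.6' into a 3-tuple of ints; raise ValueError if malformed."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))  # pad '11.6' to (11, 6, 0)

def triage(platform, version):
    """Return 'needs-update', 'patched', 'out-of-scope' or 'unknown'."""
    key = platform.lower()
    fixed = FIXED.get(key)
    if fixed is None:
        return "out-of-scope"      # platform not listed in this advisory
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown"           # bad inventory data: review manually
    # The advisory names macOS Big Sur (11.x); other macOS majors are not
    # covered by it and must be checked against their own advisories.
    if key == "macos" and current[0] != 11:
        return "out-of-scope"
    return "needs-update" if current < fixed else "patched"

# Constructed inventory rows: (host, platform, reported OS version).
INVENTORY = [
    ("mac-build-01", "macOS", "11.6.5"),
    ("mac-design-07", "macOS", "11.6.6"),
    ("mac-lab-02", "macOS", "11.6"),
    ("mac-exec-03", "macOS", "12.3.1"),
    ("watch-0412", "watchOS", "8.5.1"),
    ("atv-lobby", "tvOS", "15.5"),
    ("mac-kiosk-09", "macOS", "11.x"),
]

def report(rows):
    """Map each host to its triage status."""
    return {host: triage(platform, version) for host, platform, version in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:15} {status}")
```

Hosts reported as `unknown` or `out-of-scope` are not confirmed safe; they need a manual check or a different advisory.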
References: Apple Security Updates