Are you an Apple user?

If you have an iPhone, a Mac, or both, you'll want to grab the company's most recent security update.

The latest release pushes out fixes for a pair of zero-day vulnerabilities that researchers have seen actively exploited in the wild.


This affects iPhone and iPad, and a version of macOS

The flaws in question are being tracked as CVE-2022-22674 and CVE-2022-22675 respectively. The former is an out-of-bounds write issue in an Intel Graphics driver and the latter is an out-of-bounds-read issue in the AppleAVD media decoder that would allow an attacker to execute arbitrary code with kernel privileges.

Impacted devices include the iPhone 6S and newer, the iPad Pro (all models), the iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the iPod Touch (7th generation).  Also note that users with Macs running macOS Monterey are at risk.

To make sure you're protected, download and install iOS 15.4.1, iPadOS 15.4.1, and/or macOS Montery 12.3.1 update as appropriate for your device.


Three zero-day patches already

It's still early in 2022 and so far, Apple has pushed out three zero-day patches this year resolving a total of five different zero-day issues.

In January 2022, the company's first zero-day patch was pushed out resolving CVE-2022-22587 and CVE-2022-22594. Those allowed attackers to execute arbitrary code with kernel privileges and track web browsing activity in real time.

Then in February, Apple released another patch to address a new zero-day exploit that allowed attackers to hack iPhones, iPads, and Macs, leading to OS crashes and arbitrary code execution.


My perspective

It appears 2022 is shaping up a lot like 2021.  Last year, Apple faced a seemingly endless stream of zero-day exploits and spent much of the year busily pushing fixes out the door.  Here's hoping this year will be at least somewhat calmer on that front!


If it isn't...
Fasten your seatbelts… It's going to be a bumpy night


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.


Contact me if you would like me to speak to your association