The latest release pushes out fixes for a pair of zero-day vulnerabilities that researchers have seen actively exploited in the wild.

The flaws in question are being tracked as CVE-2022-22674 and CVE-2022-22675 respectively. The former is an out-of-bounds write issue in an Intel Graphics driver and the latter is an out-of-bounds-read issue in the AppleAVD media decoder that would allow an attacker to execute arbitrary code with kernel privileges.

Impacted devices include the iPhone 6S and newer, the iPad Pro (all models), the iPad Air 2 and later, iPad 5 ^th generation and later, iPad mini 4 and later, and the iPod Touch (7 ^th generation).  Also note that users with Macs running macOS Monterey are at risk.

To make sure you're protected download and install the iOS 15.4.1, the iPadOS 15.4.1, or the macOS Montery 12.3.1 update as appropriate for your device.

It's still early in 2022 and so far, Apple has pushed out three zero-day patches this year resolving a total of five different zero-day issues.

In January 2022, the company's first zero-day patch was pushed out resolving CVE-2022-22587 and CVE-2022-22594. Those allowed attackers to execute arbitrary code with kernel privileges and track web browsing activity in real time.

Then in February, Apple released another patch to address a new zero-day exploit that allowed attackers to hack iPhones, iPads, and Macs, leading to OS crashes and arbitrary code execution.

It appears 2022 is shaping up a lot like 2021.  Last year, Apple faced a seemingly endless stream of zero-day exploits and spent much of the year busily pushing fixes out the door.  Here's hoping this year will be at least somewhat calmer on that front!

Used with permission from Article Aggregator