Last Updated: 2022-03-31 22:05:58 UTC
by Johannes Ullrich (Version: 1)
Apple today patched two flaws in macOS. One of the flaws has also been fixed for iOS and iPadOS. The AppleAVD flaw, patched across all the operating systems, is critical as it allows arbitrary code execution with kernel privileges, and the flaw has been actively exploited.
The second vulnerability, an out-of-bounds read issue for kernel memory, only affects macOS and may be useful to exploit other vulnerabilities.
You probably should patch quickly given that the more severe flaw is already being exploited.
CVE-2022-22675 [Critical] AppleAVD
An out-of-bounds write issue was addressed with improved bounds checking.
An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

CVE-2022-22674 [Important] Intel Graphics Driver
An out-of-bounds read issue may lead to the disclosure of kernel memory and was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited.
An application may be able to read kernel memory.