Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices


The vulnerability, identified as CVE-2022-22675, is an out-of-bounds write vulnerability in AppleAVD, an audio and video decoding component that could allow an application to execute arbitrary code with kernel privileges.

In addition to correcting CVE-2022-22675, the current version of macOS Monterey includes a remedy for CVE-2022-22674, an out-of-bounds read problem in the Intel Graphics Driver module that might allow a malicious actor to read kernel memory.

Read More…