Apple has released updates for many of its operating systems, fixing vulnerabilities that the technology giant says could be under active exploitation.
The identification of this vulnerability is CVE-2022-22675 and affects macOS, iOS, and iPadOS.
Vulnerability explanation: An error in the audio and video decoder that allows an application to run arbitrary code with kernel privileges. The update is included in iOS 15.4.1 and iPadOS 15.4.1, which is available for
- iPhone 6s and newer versions,
- iPad Pro, iPad Air 2 and newer,
- iPad 5th generation and newer,
- iPad mini 4 and newer, and
- 7th generation iPod touch.
This iOS update also solved the problem of draining the battery.
Another update, released only for macOS Monterey, was CVE-2022-22674 which allows an application to read kernel memory.
“The problem with reading can lead to kernel memory discovery and is solved by improved input validation,” Apple said in a typically short statement. “Apple is aware of reports that this issue may have been actively exploited.”
Earlier this year, Apple also released iOS 15.3.1 due to the threat of actively exploited remote error.. In that case, just visiting the website can lead to arbitrary code execution.