Threat Watch

Apple Emergency Update Fixes Zero-Days Used to Attack iPhones, Macs

Apple released security updates on Thursday to address two zero-day vulnerabilities exploited by attackers to hack iPhones, iPads, and Macs. Zero-day security bugs are flaws the software vendor is unaware of and hasn’t patched. In some cases, they also have publicly available proof-of-concept exploits or may be actively exploited in the wild.

In security advisories published today, Apple said that they are aware of reports that the issues “may have been actively exploited.” The two flaws are an out-of-bounds write issue (CVE-2022-22674) in the Intel Graphics Driver that allows apps to read kernel memory and an out-of-bounds read issue (CVE-2022-22675) in the AppleAVD media decoder that could enable apps to execute arbitrary code with kernel privileges. The bugs were reported by anonymous researchers and fixed by Apple in iOS 15.4.1, iPad OS 15.4.1, and macOS Monterey 12.3.1 with improved input validation and bounds checking, respectively.

The list of impacted devices includes:

  • Macs running macOS Monterey
  • iPhone 6s and later
  • iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Apple disclosed active exploitation in the wild, however, it did not release any additional info regarding these attacks. Withholding this information is likely designed to allow the security updates to reach as many iPhones, iPads, and Macs as possible before threat actors pick up on the details and start abusing the now-patched zero-days.


Even though these zero-days were likely only used in targeted attacks, it is still strongly advised to install today’s security updates as soon as possible to block potential attack attempts.