The National Telecommunication and Information Security Board (NTISB) has issued an advisory regarding bugs in Apple devices and has asked its users to update them as soon as possible to patch the bugs.
According to the advisory, Apple rushed out patches for two zero-days affecting macOS and iOS that allow the threat actor to disturb or access kernel activity. Vulnerabilities CVE-2022-22675 for macOS/iOS and CVE-2022-22674 for macOS have been identified and users have been advised to be careful and update their devices.
Apple released security updates for macOS Monterey 12.3.1, iOS 15.4.1, iPadOS 15.4.1, tvOS 15.4.1, and watchOS 8.5.1 a few days ago.
According to the details, the vulnerability listed as ‘CVE-2022-22674’ exists in the Intel Graphics Driver, which may lead to the disclosure of kernel memory. The issue was addressed with improved input validation.
The vulnerability CVE-2022-22675 exists in the AppleAVD audio and video decoding component and is described as an out-of-bounds write issue. The vulnerability was addressed with improved bounds checking.
