Apple recently addressed two critical zero-day vulnerabilities following the launch of iOS 15.4.1 and macOS Monterey 12.3.1.
The bugs which are affecting several devices such as iPhones, iPads, and Macs have undergone patching to prevent the hackers from accessing them.
Apple Fixes Zero-Day Exploits
Apple recently fixed two critical zero-day vulnerabilities following the release of updates for iOS 15.4.1 and macOS Monterey 12.3.1.
According to a report by 9to5Mac on Thursday, March 31, Apple fixed the two critical exploits that are hitting the iOS and macOS devices.
The first vulnerability with the codename CVE-2022-22675 relies on exploiting the apps by arbitrary code execution. The code is said to have kernel privileges.
The second exploit (CVE-2022-22674) was discovered dwelling on the Intel Graphics drivers. The target is limited to macOS devices. The Cupertino giant found out that this security threat could impact the kernel memory.
The iPhone maker said that this solution is credited to an anonymous researcher who fixed the critical zero-day vulnerabilities.
To have a clearer look at Apple's security report about these vulnerabilities, click here to learn more about these documents: iOS and macOS.
Related Article: Apple Resolves Three Zero-Day Vulnerabilities Mainly From XCSSET Malware --Two of Them Are From Apple TV 4K, HD Devices
Apple Zero-Days Are Widespread
This year, the tech titan has already encountered three zero-days which it patched immediately. Having said that, Apple said that the CVE-2022-22674 is the fourth zero-day to be patched while CVE-2022-22675 is the fifth vulnerability in 2022, per Ars Technica.
Two months ago, Apple began its patching operations in different OS including iOS, iPadOS, macOS, watchOS, tvOS, and HomePod Software. At that time, the Cupertino firm spotted that there was a memory corruption flaw that was disrupting the OS.
Additionally, the team found out that it can pull off code execution with kernel privileges. Apple took note of this incident and wrote the detected bug as CVE-2022-22674 and CVE-2022-22675 which had thrived in the IOMobileFrameBuffer.
Another exploit dubbed CVE-2022-22594 was fixed. Based on their previous findings, this particular bug can compromise the user's information by tracking them across various websites.
The following month, another bug appeared and one of the most notable vulnerabilities emerged in the Webkit browser engine. These servers serve as a portal for hackers to inject malware into iPhones, iPads, and iTouches. Apple identified this bug as CVE-2022-22620.
Speaking of the total number of zero-days, the security team of Google managed to solve 12 of them last year. Some of them include the famous Pegasus spyware and a pair of zero-days that hit several devices back in May 2021.
Microsoft Zero-Day Patch
In other news, Microsoft has implemented some key solutions to stop zero-day hacks on its Chromium-based browsers, Tech Times reported last week. The Redmond firm released a fix intended for the Edge browser. This is similar to what Google released for its Chrome update.
It's always important to regularly check for updates on your device and browser. In doing so, you can stay protected against potential hacks from cybercriminals.
Read Also: Apple Zero-Day: Update Your iPhone, iPad, Mac, and MORE with the Emergency Patch Immediately
This article is owned by Tech Times
Written by Joseph Henry
