Apple fixes two zero-day bugs affecting iOS, macOS devices

 

Apple has released security updates to address two zero-day vulnerabilities in its mobile and desktop operating systems that the tech giant said may have been exploited by hackers.

The flaws were fixed as part of the iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1 updates.

The first vulnerability (CVE-2022-22674) is an out-of-bounds read issue that exists due to a boundary condition within the Intel Graphics Driver. By exploiting this bug, a local user can trigger an out-of-bounds read error and read the contents of kernel memory.

The second flaw, tracked as CVE-2022-22675, has been described as an out-of-bounds write vulnerability in an audio and video decoding component called AppleAVD that could allow a malicious application to execute arbitrary code with kernel privileges.

Apple said that it is aware of reports that both vulnerabilities “may have been actively exploited,” but it didn’t provide any additional information regarding attacks targeting these bugs.
