Apple has released security updates for its macOS Big Sur, watchOS, and tvOS operating systems designed to fix multiple security vulnerabilities, including a couple of zero-day flaws that the tech giant said may have been exploited in hacker attacks.
Tracked as CVE-2022-22675, the first issue is a boundary error within the AppleAVD subsystem, which can be exploited by a local user to trigger an out-of-bounds write and execute arbitrary code with kernel privileges.
The second flaw, CVE-2022-22674, is an out-of-bounds read issue that exists due to a boundary condition within the Intel Graphics Driver. By exploiting this bug, a local user can trigger an out-of-bounds read error and read the contents of kernel memory.
While Apple patched the above vulnerabilities back in March as part of the iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1 updates, the company did not update macOS Big Sur and macOS Catalina at the time. More than a month later, Apple addressed the bugs with the release of macOS Big Sur 11.6., watchOS 8.6, and tvOS 15.5.