Apple's Most Recent iOS and macOS Releases Fix Two Zero-Day Flaws
Share
A Power Depletion Issue is also Fixed in iOS 15.4.1
Apple has opted to put an estimated 35–40 % of all supported Macs at risk of being actively abused. Apple patched two "actively exploited" (i.e. in-the-wild, zero-day) security vulnerabilities for macOS Monterey last week, on March 31. Apple has still not published appropriate security upgrades to address the same vulnerabilities in the two prior macOS releases, Big Sur (aka macOS 11) and Catalina (aka macOS 12), after nearly a week (aka macOS 10.15). Both of these macOS versions are still receiving patches for "significant vulnerabilities," which would likely include actively exploited zero-day vulnerabilities. For nearly a decade, Apple has continued to fix the two previous macOS versions alongside the current macOS version. Apple, on the other hand, has failed to patch both Big Sur and Catalina in order to address the most recent actively exploited vulnerabilities. Apple has released updates for its mobile, tablet, and desktop operating systems, which include a cure for two zero-day flaws. If abused, the defects can offer bad actors access to the internals of operating systems, according to Ars Technica. Apple stated in its patch notes that it is aware "of a report that the issues> may have been actively exploited," but it did not elaborate on whether the bugs have been utilised to obtain access to consumers' devices. The flaws were discovered by "an unidentified researcher," according to the tech giant. CVE-2022-22675 is one of the vulnerabilities that affects all three operating systems and allows hackers to run malicious code with kernel privileges. That means they have complete access to the system and hardware of their target. The other vulnerability, CVE-2022-22674, affects macOS and might result in the "exposure of kernel memory," or operating system memory. They're the fourth and fifth zero-day vulnerabilities Apple has patched this year, including one that may be used to track sensitive user data. iOS 15.4.1 not only fixes the zero-day vulnerability that affects iPhones, but it also fixes a problem that was triggered by the previous version. According to reports, iOS 15.4 contains a flaw that causes an iPhone's battery to deplete faster than normal. The update also addresses a problem that may cause Braille devices to become unresponsive.