Apple on Thursday released fixes for two critical zero-day vulnerabilities affecting iPhone, iPad, and Macintosh that give hackers access to the internals of the OSes that the devices run.
Dan Goodin for Ars Technica:
Apple credited an anonymous researcher with discovering both vulnerabilities. The first vulnerability, CVE-2022-22675, resides in macOS for Monterey and in iOS or iPadOS for most iPhone and iPad models. The flaw, which stems from an out-of-bounds write issue, gives hackers the ability to execute malicious code that runs with privileges of the kernel, the most security-sensitive region of the OS.
CVE-2022-22674, meanwhile, also results from an out-of-bounds read issue that can lead to the disclosure of kernel memory.
CVE-2022-22674 and CVE-2022-22675 are the fourth and fifth zero-days Apple has patched this year.