The IT Ministry’s Indian Computer Emergency Response Team (CERT-In) has issued an alert regarding multiple vulnerabilities in Apple products.
The vulnerabilities affect Apple iOS versions prior to 15.4.1, Apple iPadOS versions prior to 15.4.1 and Apple macOS Monterey versions prior to 12.3.1.
“Multiple vulnerabilities have been reported in Apple products which could allow an attacker to trigger information disclosure and remote code execution on the targeted system,” the cybersecurity agency said in its alert.
“These vulnerabilities exist in Apple products due to out-of-bounds read, out-of-bounds write in the Intel Graphics Driver and AppleAVD component. A remote attacker could exploit these vulnerabilities by persuading the victim to open a specially crafted file or application. Successful exploitation of these vulnerabilities could allow the attacker to trigger information disclosure and remote code execution on the targeted system,” it said.
Users have been asked to apply the necessary software updates as applicable. Apple has issued security fixes for these zero-day vulnerabilities in its latest software updates for iOS, iPadOS and macOS.
In its latest updates, iOS 15.4.1 and iPadOS 15.4.1, Apple has fixed the CVE-2022-22675 vulnerability, which was reported by an anonymous researcher.
“An out-of-bounds write issue was addressed with improved bounds checking,” Apple said in an update.
“An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” it said.
Software update
Users are advised to update their software accordingly. The update is available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
The vulnerability also affects macOS and has been fixed in Apple’s macOS Monterey 12.3.1 update.
Apple has also fixed an Intel Graphics Driver issue in the update available for macOS Monterey. That vulnerability, CVE-2022-22674, was reported by an anonymous researcher.
“An out-of-bounds read issue may lead to the disclosure of kernel memory and was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited,” it explained.