Apple emergency update fixes issues leading to iPhone and Mac hacks

The emergency update released to patch two serious zero-day vulnerabilities

Apple fixes yet another zero-day flaw. Fifth zero-day flaw patched with the recent security update Apple releases.

Apple aims to address two zero-day vulnerabilities exploited by malicious attackers with the security updates released on Thursday. These flaws can be used to hack iPhones, iPads, and Mac computers.[1] The patches for the mobile and desktop operating systems are part of the updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1. The vulnerabilities were reported to Apple and have not been publicly addressed by any researchers.

Zero-day security bugs are vulnerabilities that the software vendor has not yet patched.[2] The report from Apple[3] notes that these issues can still be actively exploited, so rolling out these updates is crucial.

Possibly affected devices include Macs running macOS Monterey, iPhone 6s and later versions, iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch 7th generation.

Abuse of a security vulnerability such as a zero-day flaw can end in targeted attacks. It is strongly advised to upgrade machines and install these updates right away to block potential attack attempts. These two are the fourth and the fifth zero-days that Apple has had to patch this year alone.

Out-of-bounds security vulnerabilities

It is possible that these flaws have already been used in exploits and might still be exploitable right now, but Apple provided no details on them. Hopefully, the needed patches and updates reach the machines before any threat actor picks up on these possibilities. The two zero-day flaws are:

  • Out-of-bounds read issue, tracked as CVE-2022-22674, in the Intel Graphics Driver that allows reading kernel memory.
  • Out-of-bounds write flaw, tracked as CVE-2022-22675, in the AppleAVD media decoder that enables applications to execute arbitrary code with kernel privileges.

Apple also had to protect machines back in January, when patches for two other actively exploited zero-day flaws were released.[4] Those flaws enabled arbitrary code execution with kernel privileges and made it possible to track web browsing activity and users' identities in real time. February brought another security update for a bug exploited to hack iPhones, Macs, and iPads. Exploitation also led to OS crashes and remote code execution.

Zero-day flaws are becoming more popular and more dangerous

Hackers are getting faster, and this is going to be a huge problem. These vulnerabilities are often exploited before the software vendors manage to discover them, or researchers report active exploits before the issue is detected and fixed.[5]

Crooks search for vulnerable applications and software all the time, so patching and updating systems when the opportunity presents itself is crucial. With exploits like these, hackers took far less time in 2021 than with attacks back in 2020. The average time to exploitation was 42 days in 2020 and 12 days in 2021.

The fact that most of the exploits were attempted before the vendor released a patch for the particular zero-day flaw shows that attackers obtain such information before the software developers themselves. Most of the attacks start with a zero-day exploit, followed by ransomware deployment or cyber espionage. Researchers state that 52% of these widespread threats began with zero-day flaw exploitation in 2021. This might be a trend in 2022 too.

About the author
Jake Doevan - Computer technology expert

Jake Doevan is one of the News Editors for 2-spyware.com. He graduated from Washington and Jefferson College, Communication and Journalism studies.
