Skip to main content

Apple Products Multiple Vulnerabilities

Last Update Date: 20 May 2022 Release Date: 17 May 2022 3686 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger information disclosure, remote code execution, security restriction bypass, elevation of privilege, denial of service and data manipulation on the targeted system.

 

Note:
CVE-2022-22675 is being exploited in the wild.

The vulnerability is related to the AppleAVD (a kernel extension for audio and video decoding). The vulnerability can exploit the AppleAVD that allows malicious apps to run arbitrary code with kernel privileges on the targeted system.

 

[Updated on 2022-05-20]

Added iTunes for Windows to the "System / Technologies affected" and "Solution" sections


Impact

  • Information Disclosure
  • Remote Code Execution
  • Elevation of Privilege
  • Security Restriction Bypass
  • Data Manipulation
  • Denial of Service

System / Technologies affected

  • Versions prior to Safari 15.5
  • Versions prior to tvOS 15.5
  • Versions prior to Xcode 13.4
  • Versions prior to macOS Catalina Security Update 2022-004
  • Versions prior to macOS Big Sur 11.6.6
  • Versions prior to macOS Monterey 12.4
  • Versions prior to iOS 15.5
  • Versions prior to iPadOS 15.5
  • Versions prior to watchOS 8.6
  • Versions prior to iTunes for Windows 12.12.4

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:
  • Safari 15.5
  • tvOS 15.5
  • Xcode 13.4
  • macOS Catalina Security Update 2022-004
  • macOS Big Sur 11.6.6
  • macOS Monterey 12.4
  • iOS 15.5
  • iPadOS 15.5
  • watchOS 8.6
  • iTunes for Windows 12.12.4

Vulnerability Identifier


Source


Related Link