As soon as critical weaknesses are discovered, Apple releases an emergency patch to address the problem.
Unspecified hackers may have already exploited two zero-day security weaknesses in iOS 15 and macOS 12 Monterey, which Apple patched as of today (March 31).
It’s time to upgrade if you’re using an iPhone 6s, the first generation of the iPhone SE, or a Mac that can run Monterey. Similarly, all iPad Pro devices, iPod Touch 7th generation models, iPad Air 2 and subsequent models, and iPad 5th generation models are covered.
iOS 15.4.1, iPadOS 15.4.1 and macOS Monterey12.3.1 were all published today and should be used with these devices. Although they received upgrades today, Apple’s watchOS and tvOS seem to lack security fixes.)
If an update is available, your Apple device should notify you. To update your iPhone or iPad’s software instead, go to Settings > General > Software Update or System Preferences > Software Update.
Vulnerabilities deep inside the kernel
Two security flaws have been addressed in the Mac OS X release. An app may access kernel memory, the operating system’s innermost workings, by exploiting a flaw in Intel’s graphics driver (CVE-2022-22674).
There are a variety of ways in which current operating systems keep things secure: passwords, digital verification signatures, and so on.
The second vulnerability, CVE-2022-22675, is a bug in the AppleAVD media decoder, which may be exploited by malicious users. According to Apple’s security bulletin, an application might “run arbitrary code” with “kernel privileges.”
If an app can do everything it wants on your Mac, iPhone, or iPad, it’s practically in God mode.
On iOS and iPadOS, only CVE-2022-22675 was addressed in today’s releases, making it a cross-platform issue. Obviously, it sounds just as bad on mobile devices as it does on a computer.
In the United States, information security issues are referred to as “CVE” (for “common vulnerabilities and exposures”).
This issue was reported to Apple by a “anonymous researcher.”
Who is responsible for these attacks?
Malicious apps must first infiltrate your computer’s operating system before they can do their nasty work, but this isn’t impossible if the programme exploits a “zero-day” hole that Apple doesn’t know about until the virus has already been deployed.
“Apple is aware of a report that this problem may have been actively exploited,” reads the disclaimer accompanying each of these issues.
In other words, these vulnerabilities have already been exploited to infiltrate Macs, iPhones, and iPads. Even though Apple hasn’t revealed the identity of the perpetrator, it’s likely a nation-state hunting out political dissidents or any other unwanted subgroup.
Apple iOS weaknesses have been leveraged by China and Middle Eastern petrostates to spy on dissidents and human-rights advocates in recent years.
So, are these vulnerabilities likely to be used against you? Most likely not, at least not quite yet.
Update your iDevices nevertheless, since as you read this, criminal hackers who are significantly less selective in who they target are dissecting Apple updates and attempting to find out how these vulnerabilities might be exploited. It’s just a matter of time until these holes are exploited in a wide-ranging cyberattack.
Some customers have complained about battery depletion after getting the iOS 15.4 upgrade, and the iOS 15.4.1 update fixes this problem as well as other security issues.