Two Vulnerabilities affecting Apple macOS exploited-in-the-wild

THREAT LEVEL: Red For a detailed advisory, download the pdf file here Two zero-day vulnerabilities were discovered in macOS Monterey versions prior to 12.3.1. These new issues bring the total number of zero-day vulnerabilities discovered in the Apple ecosystem to four. CVE-2022-22674 is an out-of-bounds read vulnerability in the Intel Graphics Driver module that could allow a malicious actor to read kernel memory. CVE-2022-22675 is defined as an out-of-bounds write vulnerability in AppleAVD, an audio and video decoding component, that could allow an application to execute arbitrary code with kernel privileges. This vulnerability is been exploited in-the-wild and we suggest organizations upgrade to macOS Monterey 12.3.1. Potential MITRE ATT&CK TTPs are: TA0042: Resource Development TA0040: Impact TA0001: Initial Access TA0002: Execution TA0003: Persistence TA0004: Privilege Escalation TA0005: Defense Evasion TA0009: Collection T1588: Obtain Capabilities T1588.006: Obtain Capabilities: Vulnerabilities T1190: Exploit Public-Facing Application T1565: Data Manipulation T1059: Command and Scripting Interpreter T1574: Hijack Execution Flow T1005: Data from Local System Vulnerability Details Patch Links https://support.apple.com/en-us/HT213220 References https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html