A New macOS Update Patches Two Big Security Risks

Apple has started rolling out a fresh macOS update, and if you currently own Mac hardware, you should install the latest software update right away. The company says macOS 12.3.1 patches two zero-day vulnerabilities that may have been exploited by bad actors. Designated as CVE-2022-22675 and CVE-2022-22674, the first one could allow a bad actor to run harmful code with kernel-level privileges, while the other one grants read access to kernel memory. Simply put, kernel-level privileges can allow a bad actor to install malicious programs and tamper with data stored on a device.

Of the two zero-day vulnerabilities mentioned above, the second one was associated with Intel Graphics Driver, which means it only affects Mac hardware with Intel CPUs inside and not the newer models with the in-house M-series silicon. The first one, which allows arbitrary code execution, is linked to an audio and video decoding component called AppleAVD. A zero-day vulnerability that is known to have been exploited in the wild is no laughing matter, but thanks to macOS Monterey 12.3.1, Apple claims to have shut the doors on potential risks moving forward. The update began rolling out yesterday and has already started reaching Mac users.

It's raining zero-days for Apple this year

Aside from patching two security flaws, the update also fixes a couple of nagging issues. Mac users have recently complained about Bluetooth-enabled devices such as game controllers randomly disconnecting while playing music. That problem has been resolved with the latest macOS update. Another bug that kept an external display from turning on when connected to a Mac mini via a USB-C or Thunderbolt port has also been patched. Moreover, MacBook Pro models from 2021 that have been unable to update to install macOS Monterey 12.3 can now breathe a sigh of relief as well.

So far, Apple has tackled five zero-day flaws this year, and we're only three months into 2022. But it's not just macOS that Apple is paying attention to. With the iOS 15.4.1 and iPadOS 15.4.1 updates that began rolling out yesterday, Apple is patching a zero-day vulnerability targeting its phones and tablets that may have been actively exploited. The latest iOS update also fixes a battery drain issue that has been plaguing iPhone users ever since iOS 15.4 was seeded via the stable channel.