Apple have released a fix for the first two zero-day vulnerabilities of 2022 - Affecting MacOS, iOS
Updated: May 6, 2022
Apple releases security update to fix two zero-day vulnerabilities. Successful exploitation of this bug leads to arbitrary code execution with kernel privileges on compromised devices. The first zero-day is a memory corruption issue and the second is a Safari Web-kit issue!
iPhone 6s and later
iPad Air 2 and later
iPad 5th generation and later
iPad mini 4 and later
iPod touch (7th generation)
CVE-2022-22584-Processing a maliciously crafted file may lead to arbitrary code execution
CVE-2022-22594-A website may be able to track sensitive user information
CVE-2022-22587-A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
CVE-2022-22579-Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution
CVE-2022-22590-Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2022-22592-Processing maliciously crafted web content may prevent Content Security Policy from being enforced
It is recommended to update apple devices to their latest available version.