Apple has rolled out updates for its mobile, tablet and desktop operating systems, and they come with a fix for two zero-day vulnerabilities. As Ars Technica notes, the bugs can give bad actors access to the internals of the operating systems if exploited. Apple said in its patch notes that it's aware "of a report that [the issues] may have been actively exploited," but it didn't expound on whether it has detected instances of the bugs being used to gain entry to customers' devices. The tech giant attributes the vulnerabilities' discovery to "an anonymous researcher."
One of the vulnerabilities, CVE-2022-22675, affects all three operating systems and gives hackers a way to execute malicious code with kernel privileges. That means they can get complete access to their target's system and hardware. The other vulnerability, CVE-2022-22674, affects macOS and could lead to the "disclosure of kernel memory," or the memory used by an operating system. They're the fourth and fifth zero-days Apple has fixed so far this year, a list that includes one that can be exploited to track sensitive user information.
In addition to fixing the zero-day vulnerability affecting iPhones, iOS 15.4.1 also remedies an issue caused by the update before it. Apparently, iOS 15.4 went out with a bug that could cause an iPhone's battery to drain more quickly than expected. The update fixes an issue that could render Braille devices unresponsive, as well.