Just a couple of days after Google announced a high-risk zero-day vulnerability in Chrome, Apple disclosed two zero-day vulnerabilities affecting their operating system on both mobile and desktop devices. The company has already issued updates for its iOS and macOS users.
The patched versions are as follows:
- iOs and iPadOS: 15.4.1
- macOS Monterrey: 12.3.1
- tvOS: 15.4.1
- watchOS: 8.5.1
As for the Apple zero-day exploits, they were reported anonymously. According to the statement, the one tracked as CVE-2022-22675 was described “as an out-of-bounds write vulnerability in an audio and video decoding component called AppleAVD that could allow an application to execute arbitrary code with kernel privileges.”
The other one, CVE-2022-22674, was related to “an out-of-bounds read issue in the Intel Graphics Driver module that could enable a malicious actor to read kernel memory.” Although Apple assured that the exploits were resolved, they explained that “these issues may have been actively exploited.”
This is yet another example of what Google observed a while ago: zero-day vulnerabilities are on the rise. There’s not a unique reason for this - they actually pointed to an increase both in exploits and reports - but there should be a similar reaction to all of them: quick patching of all the devices at risk.
And that’s rather simple if you have complete control over all of them. However, if you’re an asset manager or an application administrator, updating every device in the company can be really tricky.
Luckily, there is software out there that can make the task look like a piece of cake.
Apple zero-day: spot devices that need update in your company with InvGate Insight
Did you know that you can have in your hand a list of devices that need patching with just a few clicks? InvGate Insight is the perfect tool to manage all the assets across your company. It not only lists the existing devices but also gathers a whole amount of data on each one of them.
Therefore, to deal with an event like an emergency update, you can simply filter your assets by the operating system and spot the ones you should focus on. You should see something like the following image. After that, you can export it in CSV and give it to one of your agents to patch.
Sounds pretty amazing, right? To show you that we’re not kidding, check out this video we created with the same procedure, to find outdated software. In less than 60 seconds, InvGate Insight solved the issue of spotting the assets that needed to be updated and their owner information. Meanwhile, it saved you the trouble of looking for them manually or sending mass communications.
Zero-day vulnerabilities are expected to grow, so this is something that will happen over and over again. Make sure you’re ready for them with the best technology on your side!