Apple's Zero-Day Woes Continue

Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year.

3 Min Read
Silhouette of a hand holding a magnifying glass in front of the Apple logo
Source: Ink Drop via Shutterstock

Apple's expanding footprint in enterprise organizations appears to have made its technologies a growing focus area for security researchers.

The company this week rushed out emergency patches for two zero-day vulnerabilities in its macOS and IOS technologies that the company said are being actively exploited. The flaws are present in macOS Catalina, BigSur, and Monterey; in devices running iOS and iPadOS; and Apple tvOS and watchOS.

One of the two zero-days for which Apple issued an update this week exists in the AppleAVD media file decoder that is present in multiple supported macOS versions as well as iOS and iPadOS. Apple's sparse vulnerability disclosure described the flaw (CVE-2022-22675) as resulting from an out of bounds write issue and providing attackers with an opportunity to execute arbitrary code at the kernel level. Apple said it is aware of a report about the flaw being actively exploited.

Apple's latest macOS Monterey 12.3.1, iOS 15.4.1, and iPadOS 15.4.1 includes "improved bounds checking" to address the issue, the company noted.

The second zero-day for which Apple issued a fix (CVE-2022-22674) exists in macOS and has to do with an out-of-bounds read issue that enables application to read kernel memory. The flaw, which also is being actively exploited, might lead to the contents of kernel memory being disclosed, Apple said in another advisory with very little information.

The flaws are the latest in a growing number of zero-day vulnerabilities that researchers have discovered in Apple's products in recent months. The latest disclosures bring to at least four the total number of zero-days that Apple has disclosed this year alone. In January, the company disclosed two similar zero-days, at least one of which was likely being exploited at the time of patch release.

In 2021, as many as 12 of 57 zero-day threats — or more than 20% — that researchers from Google's Project Zero tracked were Apple related. Impacted technologies included Apple's macOS, iOS, iPadOS, and WebKit. In several cases, the flaws were being actively exploited by the time Apple had released a fix for them.

Exacerbating the issue is the emergence of malware targeted at Mac and iOS environments. A study of Apple malware in 2021 that security researcher Patrick Wardle released in Jan. 2022 showed there were at least eight significant malware tools last year that targeted macOS. The list included ElectroRAT, a cross-platform malware for remote code execution; Silver Sparrow, targeted at Apple's M1 chip-based systems; and MacMa, a macOS implant believed to be the work of a nation-state actor.

Growing Focus Area
One reason for the growing number of flaws could be increasing code complexity, says Mike Parkin, senior technical engineer at Vulcan Cyber. As code gets more complex, there's a higher chance of vulnerabilities creeping into it. "Apple's iOS and MacOS code bases have been evolving for years, growing more complex, so it would not be surprising to see more vulnerabilities emerge."

Another likely possibility is that threat actors are seeing greater returns from attacking the Apple ecosystem, Parkin says. "There are millions of iOS and MacOS users in the world, and the attackers will focus on where they can get the most mileage out of their efforts," he says.

A global survey that Dimensional Research conducted last year for Apple device management vendor Kandji found that employee use of Apple devices has grown significantly over the past two years, at least partly because of increased remote work. Seventy-six percent of survey respondents said more employees at their organizations were using Apple devices — Mac notebooks specifically — compared to two years ago.

"Threat actors aren't going to abandon other threat surfaces, but their economics may have shifted to make the Apple space more inviting," Parkin says.

About the Author(s)

Jai Vijayan, Contributing Writer

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights