Yesterday’s iOS 15.4.1 update for iPhone and iPad brought fix for the battery drain issue. But it looks like that is not the only thing that Apple has fixed in the most recent releases, which also includes macOS Monterey 12.3.1.
Apple says it is has fixed two zero-day exploits that may have been ‘actively exploited’ in the wild.
The details were shared on Apple’s security content website. The first zero-day exploit that has been fixed is for AppleAVD. Apple says the exploit allowed malicious apps to execute arbitrary code with kernel privileges. Apple has credited an anonymous researchers for discovering the CVE-2022-22675 vulnerability.
Apple has also fixed a zero-day vulnerability in macOS Monterey 12.3.1 related to Intel Graphics Driver. This exploit allowed an application to read kernel memory. Again, Apple has credited an anonymous researcher for discovering CVE-2022-22674.
If you’re not familiar with the term zero-day exploit, it is an exploit that is newly discovered and was previously unknown to the developer and maker of the software. Before Apple discovered the exploit and fixed it, it may have been actively exploited by hackers.
It is recommended that every user upgrades to iOS 15.4.1 and macOS Monterey 12.3.1 in order to avoid getting their device exploited by hackers using these vulnerabilities.
What does AppleAVD bug mean for jailbreak?
Since this was a zero-day vulnerability found in iOS 15.4 or lower, which could have been used to run apps and execute arbitrary code with kernel privileges this is definitely something jailbreak developers working on getting an iOS 15.4 jailbreak would look into. However it is too early to say if this exploit can be used for the development of a jailbreak.