Two Vulnerabilities affecting Apple macOS exploited-in-the-wild
THREAT LEVEL: Red
Two zero-day vulnerabilities were discovered in macOS Monterey versions prior to 12.3.1. These new issues bring the total number of zero-day vulnerabilities discovered in the Apple ecosystem to four.
CVE-2022-22674 is an out-of-bounds read vulnerability in the Intel Graphics Driver module that could allow a malicious actor to read kernel memory. CVE-2022-22675 is defined as an out-of-bounds write vulnerability in AppleAVD, an audio and video decoding component, that could allow an application to execute arbitrary code with kernel privileges.
These vulnerabilities have been exploited in the wild, and we suggest organizations upgrade to macOS Monterey 12.3.1.
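One way to check hosts against the fixed release named above, as an added example (not part of the original advisory and not Apple's code). The function names and the inventory lines are constructed for illustration; versions outside Monterey (12.x) are reported as out-of-scope because this advisory only covers Monterey.

```shell
#!/bin/sh
# Fixed release from the advisory: macOS Monterey 12.3.1.

# classify_macos VERSION -> prints vulnerable | patched | out-of-scope | invalid
classify_macos() {
    ver=$1
    # Accept only dotted numeric versions (no empty components).
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver            # split into major / minor / patch
    IFS=$old_ifs
    [ $# -le 3 ] || { echo invalid; return; }
    major=$1; minor=${2:-0}; patch=${3:-0}   # "12.3" means 12.3.0
    if [ "$major" -ne 12 ]; then
        echo out-of-scope  # not Monterey; not covered by this advisory
    elif [ "$minor" -lt 3 ] || { [ "$minor" -eq 3 ] && [ "$patch" -lt 1 ]; }; then
        echo vulnerable    # Monterey prior to 12.3.1
    else
        echo patched
    fi
}

# audit_inventory: read "hostname version" lines on stdin,
# print the hosts that still need the 12.3.1 update.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        if [ "$(classify_macos "$ver")" = vulnerable ]; then
            printf '%s %s\n' "$host" "$ver"
        fi
    done
    return 0
}

# Constructed sample inventory (hypothetical hostnames).
sample_inventory() {
    printf '%s\n' 'mac-01 12.2.1' 'mac-02 12.3.1' 'mac-03 12.3' \
                  'mac-04 11.6.5' 'mac-05 12.4'
}

# On a Mac, classify the local host using the installed version.
if command -v sw_vers >/dev/null 2>&1; then
    echo "local host: $(classify_macos "$(sw_vers -productVersion)")"
fi
```

Feed `audit_inventory` an export from your asset inventory in `hostname version` form to list the Monterey hosts still below 12.3.1.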
Potential MITRE ATT&CK TTPs are:
TA0042: Resource Development
TA0040: Impact
TA0001: Initial Access
TA0002: Execution
TA0003: Persistence
TA0004: Privilege Escalation
TA0005: Defense Evasion
TA0009: Collection
T1588: Obtain Capabilities
T1588.006: Obtain Capabilities: Vulnerabilities
T1190: Exploit Public-Facing Application
T1565: Data Manipulation
T1059: Command and Scripting Interpreter
T1574: Hijack Execution Flow
T1005: Data from Local System
Vulnerability Details
Patch Links
https://support.apple.com/en-us/HT213220