Threat Advisories:
Sitecore Zero-Day Powers Reconnaissance Malware TP-Link Router End-of-Service Models Exploited in Botnet Operation GhostRedirector Targets Windows Servers Globally for SEO Fraud CVE-2025-55177: WhatsApp Zero-Click Flaw Used in Targeted Campaigns Experimental AI Ransomware PromptLock Sparks Security Concerns NightSpire Ransomware Expands Reach with Aggressive Extortion Deadlines Operation HanKook Phantom: APT37’s Stealthy Espionage Campaign Storm-0501’s Shift to Cloud-Native Ransomware Salt Typhoon Cyber Attacks Hit 200 Organizations in the United States CVE-2025-7775: Actively Exploited Critical Flaw in Citrix NetScaler ZipLine Campaign Spins Web Around U.S. Supply Chain Manufacturers with MixShell August 2025 Linux Patch Roundup New SHAMOS Stealer Exploits One-Line Commands on macOS QuirkyLoader: A Silent Enabler of Modern Malware Families CVE-2025-43300: Zero-Day in Apple Image I/O Exploited in Targeted Attacks Static Tundra Fuels Espionage Campaigns Through an Old Cisco Bug Crypto24 Ransomware Disrupts Businesses Using Custom EDR Bypass GodRAT Reloaded: Legacy Code, Modern Tactics Noodlophile Stealer Advances with Obfuscation, Social Media Deception PS1Bot: The Modular Malware Lurking Behind Malvertising
🎧 Hive Force Labs: Critical Threats Affecting You This Week - 5 Minute Audio Intelligence Report
👥 Play Count: Loading...
Partner Program
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them.
IntegrationsSync with an abundant number of out-of-the-box integrations.
HiveForce LabsStrategic intelligence and operational expertise to ensure comprehensive security readiness at all levels.
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Case Studies
Whitepapers
Press Releases
connect
Webinars & Videos
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoThreat Digest - Subscribe
Platform
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them.
IntegrationsSync with an abundant number of out-of-the-box integrations.
HiveForce LabsStrategic intelligence and operational expertise to ensure comprehensive security readiness at all levels.
Solutions
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Case Studies
Whitepapers
Press Releases
connect
Webinars & Videos
Company
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoThreat Digest - Subscribe

Two Vulnerabilities affecting Apple macOS exploited-in-the-wild

Threat Level – Amber | Vulnerability Report
Download PDF

THREAT LEVEL: Red

Two zero-day vulnerabilities were discovered in macOS Monterey versions prior to 12.3.1. These new issues bring the total number of zero-day vulnerabilities discovered in the Apple ecosystem to four.

CVE-2022-22674 is an out-of-bounds read vulnerability in the Intel Graphics Driver module that could allow a malicious actor to read kernel memory. CVE-2022-22675 is defined as an out-of-bounds write vulnerability in AppleAVD, an audio and video decoding component, that could allow an application to execute arbitrary code with kernel privileges.

This vulnerability is been exploited in-the-wild and we suggest organizations upgrade to macOS Monterey 12.3.1.

Potential MITRE ATT&CK TTPs are:

TA0042: Resource Development

TA0040: Impact

TA0001: Initial Access

TA0002: Execution

TA0003: Persistence

TA0004: Privilege Escalation

TA0005: Defense Evasion

TA0009: Collection

T1588: Obtain Capabilities

T1588.006: Obtain Capabilities: Vulnerabilities

T1190: Exploit Public-Facing Application

T1565: Data Manipulation

T1059: Command and Scripting Interpreter

T1574: Hijack Execution Flow T1005: Data from Local System

Vulnerability Details

Patch Links

https://support.apple.com/en-us/HT213220

References

https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox