05/17/2022 – UPDATED
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permissions associated with the application running the exploit, an attacker could then install programs or view, change, or delete data.
There are currently no reports of these vulnerabilities being exploited in the wild.
May 17th – UPDATED THREAT INTELLIGENCE:
Apple is aware CVE-2022-22675 is currently being exploited in the wild.
Home users: Low
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution in the context of the affected user. Following the MITRE ATT&CK framework, exploitation of these vulnerabilities can be classified as follows:
Tactic: Execution (TA0002):
Technique: Native API (T1106):
Technique: Exploitation for Client Execution (T1203):
Tactic: Privilege Escalation (TA0029):
Technique: Process Injection (T1055):