Apple rolls out emergency patch for gaping security hole in Macs, Watches


Apple has patched a major zero-day vulnerability used in the wild against Mac devices and Apple Watches, the company has confirmed.

As reported by BleepingComputer, an unidentified cybersecurity researcher informed Apple of an out-of-bounds write issue in AppleAVD (Audio and Video Decoding Kernel Extension), which threat actors have abused to execute arbitrary code with elevated privileges.

The flaw (tracked as CVE-2022-22675) has been patched in three separate operating systems – macOS Big Sur 11.6, watchOS 8.6 and tvOS 15.5. In addition to macOS endpoints running Big Sur, affected devices include Apple TV 4K devices, second-generation Apple TV 4K devices, and Apple TV HD devices, as well as Apple Watch Series 3 or newer.

Keep the crooks in the dark

Apple is relatively tight-lipped about the flaw, releasing no additional details. In all likelihood, this is because it can be exploited with relative ease, and so Apple wants to give admins a head start on patching before the majority of threat actors notice.

Apple has worked hard to fix this particular flaw for various devices and operating systems.

A month ago, it was reported that the company released fixes for the same issue for virtually all iPhone and iPad models.

At the time, users were advised to update their operating systems to the latest version as soon as possible, namely iOS 15.4.1, iPadOS 15.4.1 and macOS Monterey 12.3.1.

And that’s not the only zero-day the company has tackled recently. In March, Apple patched CVE-2022-22674, while in January it patched two zero-days – CVE-2022-2587 and CVE-2022-22594.


Via BleepingComputer