A zero-day vulnerability in Macs and Apple Watches has been fixed. The vulnerability, tracked as CVE-2022-22675, may have been exploited in the wild, Apple said. The flaw was most probably used in targeted attacks. Even so, applying the update immediately is highly advisable.
CVE-2022-22675 Zero-Day Vulnerability
By definition, a zero-day vulnerability is a flaw in software or hardware, in this case Apple devices, that is exploited in the wild while it is still unknown. Such a flaw can cause various complications before anyone realizes that something is wrong, hence the term “zero-day.”
The CVE-2022-22675 vulnerability has been described as an out-of-bounds write issue in the AppleAVD component. The latter is a kernel extension used for audio and video decoding. The vulnerability could allow apps to execute arbitrary code with kernel privileges.
The anonymously reported flaw has been fixed in macOS Big Sur 11.6, watchOS 8.6, and tvOS 15.5 with improved bounds checking.
In April, Apple released emergency patches that fixed two zero-days in Apple’s macOS and iOS (reported anonymously). The company said the flaws were also exploited in the wild. The vulnerabilities were fixed in iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1.