Apple rolls out emergency patch for gaping security hole in Macs, Watches

The security flaw was being abused in the wild

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Applehas patched a major zero-day vulnerability being used in the wild againstMac devicesand Apple Watches, the company has confirmed.

As reported byBleepingComputer, an unidentified cybersecurity researcher notified Apple of an out-of-bounds write issue in the AppleAVD (audio and video decoding kernel extension), which was abused by threat actors to execute arbitrary code with elevated privileges.

The flaw (tracked as CVE-2022-22675) was fixed in three separateoperating systems- macOS Big Sur 11.6, watchOS 8.6, and tvOS 15.5. Besides macOSendpointsrunning Big Sur, affected devices include Apple TV 4K devices, Apple TV 4K second-gen devices and Apple TV HD devices, as well as Apple Watch Series 3 or newer.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

Keeping crooks in the dark

Apple is being relatively tight-lipped on the flaw, not releasing any additional details. In all likelihood, this is due to the fact that it can be exploited with relative ease, and therefore Apple wants to give admins a head start forpatching, before the majority of threat actors pick up on it.

Apple has been hard at work, patching this particular flaw for various devices and operating systems.

Apple just patched a whole load of iPad, macOS and iPhone security bugs, so update now>Apple apologizes for slow reply to iOS 15 zero-days>Apple releases urgent security fix for iPhone and Mac devices

A month ago, it was reported that the company released fixes for the same issue for practically all iPhone and iPad models.

At the time, users were urged to update their operating systems to the newest version as soon as possible, which was iOS 15.4.1, iPadOS 15.4.1, and macOS Monterey 12.3.1.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

And this is hardly the only zero-day the company addressed recently. In March, Apple fixed CVE-2022-22674, while in January, it patched two zero-days - CVE-2022-2587 and CVE-2022-22594.

ViaBleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

iStorage Group acquires Kanguru Solutions as it looks to expand security offering