Tweet
Apple has patched a major zero-day vulnerability being used in the wild against Mac devices and Apple Watches, the company has confirmed.
As reported by BleepingComputer, an unidentified cybersecurity researcher notified Apple of an out-of-bounds write issue in the AppleAVD (audio and video decoding kernel extension), which was abused by threat actors to execute arbitrary code with elevated privileges.
The flaw (tracked as CVE-2022-22675) was fixed in three separate operating systems - macOS Big Sur 11.6, watchOS 8.6, and tvOS 15.5. Besides macOS endpoints running Big Sur, affected devices include Apple TV 4K devices, Apple TV 4K second-gen devices and Apple TV HD devices, as well as Apple Watch Series 3 or newer.
https://cdn.mos.cms.futurecdn.net/ybbmQ8p4Q999AkMWkW8HLm.jpg
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.
[HEADING=1]Keeping crooks in the dark[/HEADING]
Apple is being relatively tight-lipped on the flaw, not releasing any additional details. In all likelihood, this is due to the fact that it can be exploited with relative ease, and therefore Apple wants to give admins a head start for patching, before the majority of threat actors pick up on it.
Apple has been hard at work, patching this particular flaw for various devices and operating systems.
Read more
A month ago, it was reported that the company released fixes for the same issue for practically all iPhone and iPad models.
At the time, users were urged to update their operating systems to the newest version as soon as possible, which was iOS 15.4.1, iPadOS 15.4.1, and macOS Monterey 12.3.1.
And this is hardly the only zero-day the company addressed recently. In March, Apple fixed CVE-2022-22674, while in January, it patched two zero-days - CVE-2022-2587 and CVE-2022-22594.
[ul]
[li]Keep your Macs safe from threats with the best antivirus software around[/li][/ul]
Via BleepingComputer
Continue reading…
As reported by BleepingComputer, an unidentified cybersecurity researcher notified Apple of an out-of-bounds write issue in the AppleAVD (audio and video decoding kernel extension), which was abused by threat actors to execute arbitrary code with elevated privileges.
The flaw (tracked as CVE-2022-22675) was fixed in three separate operating systems - macOS Big Sur 11.6, watchOS 8.6, and tvOS 15.5. Besides macOS endpoints running Big Sur, affected devices include Apple TV 4K devices, Apple TV 4K second-gen devices and Apple TV HD devices, as well as Apple Watch Series 3 or newer.
https://cdn.mos.cms.futurecdn.net/ybbmQ8p4Q999AkMWkW8HLm.jpg
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.
[HEADING=1]Keeping crooks in the dark[/HEADING]
Apple is being relatively tight-lipped on the flaw, not releasing any additional details. In all likelihood, this is due to the fact that it can be exploited with relative ease, and therefore Apple wants to give admins a head start for patching, before the majority of threat actors pick up on it.
Apple has been hard at work, patching this particular flaw for various devices and operating systems.
Read more
Apple just patched a whole load of iPad, macOS and iPhone security bugs, so update now
Apple apologizes for slow reply to iOS 15 zero-days
Apple releases urgent security fix for iPhone and Mac devices
Apple apologizes for slow reply to iOS 15 zero-days
Apple releases urgent security fix for iPhone and Mac devices
At the time, users were urged to update their operating systems to the newest version as soon as possible, which was iOS 15.4.1, iPadOS 15.4.1, and macOS Monterey 12.3.1.
And this is hardly the only zero-day the company addressed recently. In March, Apple fixed CVE-2022-22674, while in January, it patched two zero-days - CVE-2022-2587 and CVE-2022-22594.
[ul]
[li]Keep your Macs safe from threats with the best antivirus software around[/li][/ul]
Via BleepingComputer
Continue reading…