Apple has patched a major zero-day vulnerability being used in the wild against Mac devices and Apple Watches, the company has confirmed.
As reported by BleepingComputer, an unidentified cybersecurity researcher notified Apple of an out-of-bounds write issue in the AppleAVD (audio and video decoding kernel extension), which was abused by threat actors to execute arbitrary code with elevated privileges.
The flaw (tracked as CVE-2022-22675) was fixed in three separate operating systems – macOS Big Sur 11.6, watchOS 8.6, and tvOS 15.5. Besides macOS endpoints running Big Sur, affected devices include Apple TV 4K devices, Apple TV 4K second-gen devices and Apple TV HD devices, as well as Apple Watch Series 3 or newer.
Keeping crooks in the dark
Apple is being relatively tight-lipped on the flaw, not releasing any additional details. In all likelihood, this is due to the fact that it can be exploited with relative ease, and therefore Apple wants to give admins a head start for patching, before the majority of threat actors pick up on it.
Apple has been hard at work, patching this particular flaw for various devices and operating systems.
A month ago, it was reported that the company released fixes for the same issue for practically all iPhone and iPad models.
At the time, users were urged to update their operating systems to the newest version as soon as possible, which was iOS 15.4.1, iPadOS 15.4.1, and macOS Monterey 12.3.1.
And this is hardly the only zero-day the company addressed recently. In March, Apple fixed CVE-2022-22674, while in January, it patched two zero-days – CVE-2022-2587 and CVE-2022-22594.