Apple has eliminated a major zero-day vulnerability used in the wild Mac devices and Apple Watches, the company confirmed.
As reported BleepingComputerAn unknown cybersecurity researcher has reported to Apple about the problem of recording outside of AppleAVD (expanding the core of audio and video decoding), which was abused by subjects of threats to execute arbitrary code with increased privileges.
The bug (tracked as CVE-2022-22675) has been fixed in three separate operating systems – macOS Big Sur 11.6, watchOS 8.6 and tvOS 15.5. Except macOS endpoints Run by Big Sur, affected devices include Apple TV 4K, Apple TV 4K second generation and Apple TV HD, as well as Apple Watch Series 3 or later.
Keep crooks in the dark
Apple is relatively silent about the flaw, without revealing any additional details. In all likelihood, this is due to the fact that they can be used relatively easily, and so Apple wants to give administrators a head start for patchingbefore most threat subjects pick it up.
Apple has worked hard to fix this flaw for various devices and operating systems.
A month ago, it was reported that the company had released fixes for the same problem for virtually all iPhone and iPad models.
At the time, users were urged to upgrade their operating systems to the latest version, which was iOS 15.4.1, iPadOS 15.4.1 and macOS Monterey 12.3.1.
And this is hardly the only zero day the company has been dealing with lately. In March, Apple fixed CVE-2022-22674, and in January fixed two zero days – CVE-2022-2587 and CVE-2022-22594.
Through BleepingComputer
https://www.techradar.com/news/apple-rolls-out-emergency-patch-for-gaping-security-hole-in-macs-watches/
