This bug causes the operating system on compromised Apple devices to crash and allows remote code execution In addition to that, Apple also detected in February a new zero-day vulnerability (CVE-2022-22620) that hackers exploited to hack iPhones, iPads, and Macs. These vulnerabilities, which have been exploited in the wild, allowed attackers to gain arbitrary code execution with kernel privileges (CVE-2022-22587) and track web browsing activity and user identities in real time (CVE-2022-22594). As reported by Bleeping Computer, Apple released patches for two additional zero-day vulnerabilities in January. These vulnerabilities are usually brought to the attention of the general public to prevent malicious programs from successfully exploiting one of them in order to compromise a product, computer, or network that is connected to a computer.Īpple has been detecting multiple zero-day vulnerabilities in their operating system recently.
The term "zero" refers to the number of days that developers have to address the vulnerabilities, either by releasing a patch or suggesting a workaround. These cybersecurity vulnerabilities are immediately addressed by companies' since this can result in a massive exploitation of data from malicious threat actors. In short, it is known as a security flaw.
Read Also: Here are the iOS 16 Rumors Going Around the Internet: Features, Release Date, and More Apple's Zero-day VulnerabilityĪ zero-day exploit is a security vulnerability that can possibly be exploited on the same day it is discovered in an operating system, software, or hardware. This is why the company is withholding information about the vulnerability. The company is likely trying to allow the security updates to reach as many Apple Watches and Macs as possible before attackers pick up on the details of the zero-day vulnerability and start deploying exploits in other attacks. This is done for the protection of Apple's customers.
The Apple Watch Series 3 and later, Macs running macOS Big Sur, Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD are all on the list of affected devices.Įven though Apple said it knew about reports of active exploits in the wild, the company didn't say anything else about these attacks.Īpple does not disclose, discuss, or confirm security issues before an investigation has been completed and patches or releases are available. The bug was found by unnamed researchers, who then told Apple about it. This issue enables applications to execute arbitrary code with kernel privileges.Īpple fixed the bug by adding better bounds checking to macOS Big Sur 11.6, watchOS 8.6, and tvOS 15.5. Apple, on the other hand, has just released a fix for the security flaw that was actively exploited in its Macs and Apple Watches.Īs reported by Bleeping Computer, Apple's vulnerability is an out-of-bounds write issue (CVE-2022-22675) in the AppleAVD, which is a kernel extension for audio and video decoding. The details and patches of this vulnerability were made public for the first time in April. It has previously affected multiple Apple products, such as the iPhone, Ipad, and Mac devices. Apple's CVE-2022-22675 ProblemĪpple's CVE-2022-22675 vulnerability has been reported and detected ever since April. Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices.Īpple acknowledged on Monday that they were aware of reports that this security flaw "may have been actively exploited" in a series of security advisories that were released that day. The CVE-2022-22675 vulnerability in Apple's system has been reported by an unknown security researcher. Apple's zero-day vulnerability has been detected to exploit Mac and Apple Watch devices.