If you're not familiar with the term, a Zero Day exploit is a security flaw that the software vendor is not aware of and hasn't yet patched.
In many (but not all) cases, Zero Day Vulnerabilities will also have publicly available proof-of-concept exploits before a patch becomes available. Quite often, these flaws are being actively exploited in the wild.
Apple has recently released a security update to address one of these types of flaws that impact Macs and Apple Watches.
In this case, the flaw in question is tracked as CVE-2022-22675. It is an out-of-bounds write issue that allows apps to execute arbitrary code. That's bad enough all by itself, but in this case, it allows an attacker to execute that code with kernel level privileges.
The flaw impacts all macOS Big Sur versions before 11.6 and tvOS devices before 15.5.
So far in 2022, Apple has released security patches addressing five different Zero Day exploits.
Here's a quick summary of those:
- CVE-2022-22587, which allowed attackers to track user IDs and web browsing activity in real time
- CVE-2022-22594, which did the same thing as above
- Then, CVE-2022-22620 was discovered and addressed, which is an exploit used to hack iPads, iPhones, and Macs. This exploit allowed remote code execution and can cause OS crashes
- And in March 2022, two other exploits were addressed. The first, tracked as CVE-2022-22674, is a flaw impacting the Intel Graphics Driver and the second, tracked as CVE-2022-22675, impacted the AppleAVD media decoder.
These five join a long list of Zero-Day exploits the company patched in 2021 that targeted iOS, iPadOS, and macOS devices.
Kudos to the company for their fast action on the Zero-Day front, although the pace of discovery of these types of exploits is distressing to say the least.
In any case, if you own a Mac or an Apple device that uses tvOS, be sure you patch to the latest version right away to minimize your risk.
________________________________________________________________________________________________________
"Fortune Favors Who Value Time over Money!"
"TeQ I.Q. was the 1st IT Company to Deliver Cloud Solutions since 2003"
Tech issues taking up your Time?
"TeQ I.Q. Makes Your Technology Simple and Easy"
Do you have Tech Frustrations like your Computer, Internet, Phone, Cellphone, Camera, TV, Car?
"We Take Away Your Tech Frustrations and Give You the Free Time You Deserve!"
Call Robert to ask all your Technology questions.
We are giving a Free in Person TeQ Seminar at our office in La Mesa every Wednesday from 12pm-1pm and a Free TeQ Support Q&A from 1pm-2pm. Go to https://www.teqiq.com/events for our upcoming Events and https://www.teqiq.com/seminars for info on each Seminar.
For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/
Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!
