The vulnerability CVE-2022-22675 has been reported in Apple’s system by an unknown security researcher. Apple released security updates to address the Zero-Day vulnerability that threatened actors can exploit in attacks targeting Macs and Apple Watch.
Apple acknowledged Monday that it was aware of reports that this security flaw “may have been actively exploited” in a series of security warnings issued that day.
Apple CVE-2022-22675 problem
Apple’s CVE-2022-22675 vulnerability has been reported and discovered since April. It formerly affected many Apple products, such as the iPhone, Ipad, and Mac.
Details and patches for this vulnerability were first announced in April. On the other hand, Apple has just released a fix for the vulnerability that has been actively exploited in its Mac and Apple Watch devices.
As reported by Bleeping Computer , the Apple vulnerability is an out-of-bounds write issue (CVE-2022-22675) in AppleAVD, a kernel extension for audio and video decoding. This issue allows applications to execute arbitrary code with kernel privileges.
Apple constant the bug by adding better border checking to macOS Big Sur 11.6, watchOS 8.6 and tvOS 15.5.
Where the error was found by unnamed researchers, who then told Apple about it.
Apple Watch Series 3 and later, Macs running macOS Big Sur, Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD are all on the list of affected devices.
The company will likely try to allow security updates to arrive as many Apple Watches and Macs as possible before attackers pick up the details of the Zero-Day vulnerability and start spreading the exploits into other attacks. This is why the company is withholding information about the vulnerability.
A zero-day vulnerability is a security vulnerability that can be exploited the same day it is discovered in an operating system, software, or hardware. In short, it is known as a security vulnerability.
These cyber vulnerabilities are immediately addressed by companies as this can lead to massive data exploitation from malicious threat actors. The term “zero” refers to the number of days developers have to address security vulnerabilities, either by releasing a patch or proposing a workaround.
These vulnerabilities are usually brought to the public’s attention to prevent malware from successfully exploiting one of them in order to compromise a product, a computer, or a network connected to a computer.
In addition, in February Apple also discovered a new vulnerability (CVE-2022-22620) that hackers exploited to compromise iPhones, iPads, and Macs. This bug causes operating system crashes on vulnerable Apple devices and allows remote code execution