Apple has issued an emergency security update for Mac, TV and Watch users which comes with a warning that the company is “aware of a report that this issue may have been actively exploited.” The 0-day, or zero-day if you prefer, vulnerability has the potential to impact users of macOS Big Sur 11, tvOS 15 and watchOS 8.
What is CVE-2022-22675?
The critical update, which has yet to be assigned a Common Vulnerabilities and Exposures (CVE) severity rating (it’s not unusual for details to be ‘reserved’ relating to zero-day vulnerabilities while updates are distributed) has been given the reference CVE-2022-22675. What little detail is known currently is that the vulnerability could allow an app to execute arbitrary code and do so with kernel privileges. CVE-2022-22675 sits within the ‘AppleAVD’ kernel extension that enables audio and video decoding of High Efficiency Video Coding (HEVC), H.264, and VP9 formats.
Update your Mac, TV and Watch now
All users are advised to update as soon as possible because when news of a 0-day such as this breaks publicly, attackers know the threat window will start to close. They are likely to accelerate attacks on targets where possible, while that window remains open.
Your best defense is, therefore, to shut it and bolt the thing down.
So, if you use an Apple Mac running Big Sur, Apple TV 4K, Apple TV 4K (2nd gen), Apple TV HD or an Apple Watch Series 3 or later, you know what to do!
iPhone and iPad users also need to update iOS quickly
None of the security vulnerabilities patched by the iOS 15.5 update are of the zero-day variety, and none are known to have been exploited by threat actors at this point. However, a total of 34 security vulnerabilities have been disclosed and patched in the massive iPhone security update, so iOS users should also get their updating freak on…