Blog

Update Addresses Zero Day Exploit For Some Apple Devices

Jun 9, 2022 | Blog

If you’re not familiar with the term, a Zero Day exploit is a security flaw that the software vendor is not aware of and hasn’t yet patched.

In many (but not all) cases, Zero Day Vulnerabilities will also have publicly available proof-of-concept exploits before a patch becomes available.  Quite often, these flaws are being actively exploited in the wild.

Apple has recently released a security update to address one of these types of flaws that impact Macs and Apple Watches.

In this case, the flaw in question is tracked as CVE-2022-22675. It is an out-of-bounds write issue that allows apps to execute arbitrary code.  That’s bad enough all by itself, but in this case, it allows an attacker to execute that code with kernel level privileges.

The flaw impacts all macOS Big Sur versions before 11.6 and tvOS devices before 15.5.

So far in 2022, Apple has released security patches addressing five different Zero Day exploits.

Here’s a quick summary of those:

  • CVE-2022-22587, which allowed attackers to track user IDs and web browsing activity in real time
  • CVE-2022-22594, which did the same thing as above
  • Then, CVE-2022-22620 was discovered and addressed, which is an exploit used to hack iPads, iPhones, and Macs. This exploit allowed remote code execution and can cause OS crashes
  • And in March 2022, two other exploits were addressed. The first, tracked as CVE-2022-22674, is a flaw impacting the Intel Graphics Driver and the second, tracked as CVE-2022-22675, impacted the AppleAVD media decoder.

These five join a long list of Zero-Day exploits the company patched in 2021 that targeted iOS, iPadOS, and macOS devices.

Kudos to the company for their fast action on the Zero-Day front, although the pace of discovery of these types of exploits is distressing to say the least.

In any case, if you own a Mac or an Apple device that uses tvOS, be sure you patch to the latest version right away to minimize your risk.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech