If you’re not familiar with the term, a Zero Day exploit is a security flaw that the software vendor is not aware of and hasn’t yet patched.
In many (but not all) cases, Zero Day Vulnerabilities will also have publicly available proof-of-concept exploits before a patch becomes available. Quite often, these flaws are being actively exploited in the wild.
Apple has recently released a security update to address one of these types of flaws that impact Macs and Apple Watches.
In this case, the flaw in question is tracked as CVE-2022-22675. It is an out-of-bounds write issue that allows apps to execute arbitrary code. That’s bad enough all by itself, but in this case, it allows an attacker to execute that code with kernel level privileges.
The flaw impacts all macOS Big Sur versions before 11.6 and tvOS devices before 15.5.
So far in 2022, Apple has released security patches addressing five different Zero Day exploits.
Here’s a quick summary of those:
These five join a long list of Zero-Day exploits the company patched in 2021 that targeted iOS, iPadOS, and macOS devices.
Kudos to the company for their fast action on the Zero-Day front, although the pace of discovery of these types of exploits is distressing to say the least.
In any case, if you own a Mac or an Apple device that uses tvOS, be sure you patch to the latest version right away to minimize your risk.