"Apple Releases Emergency Update That Addresses Zero-Day Flaw Exploited to Attack Macs And Watches"
Apple has released security updates to fix a zero-day vulnerability that attackers can use to target Macs and Apple Watch devices. AppleAVD (a kernel extension for audio and video decoding) has an out-of-bounds write vulnerability that allows apps to run arbitrary code with kernel privileges. Apple indicated in security advisories issued on Monday that it is aware that this security hole may have been actively exploited. After anonymous researchers identified and reported the flaw, Apple added better bounds checking to macOS Big Sur 11.6., watchOS 8.6, and tvOS 15.5 to fix it. The flaw impacts Apple Watch Series 3 and later, macOS Big Sur-running Macs, Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD. Although Apple recognized active exploitation in the wild, it did not disclose any additional details about the attacks. By delaying information, Apple is apparently hoping to issue security patches to as many Apple Watches and Macs as possible before attackers learn about the zero-day vulnerabilities and exploit them in future cyberattacks. While this zero-day flaw was most likely only used in targeted attacks, it is still important to apply the latest macOS and watchOS security fixes as soon as possible to avoid attacks. Apple patched two other zero-day vulnerabilities in January, which allowed attackers to execute arbitrary code with kernel privileges and track online browsing activities and user identities in real-time. One month later, Apple released security updates to address a zero-day vulnerability that may be exploited to cause OS failures and Remote Code Execution (RCE) on iPhones, iPads, and Macs. This article continues to discuss the emergency security fixes released by Apple to address a new zero-day vulnerability and other zero-day flaws addressed by the company this year.