Apple Issues Emergency Fixes For Security Flaws In Millions Of Devices, Patch ASAP
An emergency fix has been issued for Apple devices running affected operating systems, and anyone on one of those devices should check for a new version of their operating system and update immediately. One major CVE (Common Vulnerabilities and Exposures) entry, CVE-2022-22675, affects all devices. On macOS devices, CVE-2022-22674 has also been documented. Both of these CVEs involve an out-of-bounds memory access and enable arbitrary code execution at the kernel level. A kernel-level exploit effectively grants access to just about everything on the device, so it's really bad news for anyone who is unpatched and exposed.
Initial macOS Update Interface
If you are on the above versions, then you are up to date and should have the known vulnerabilities already fixed. While the particular vulnerabilities mentioned above are not noted in the Monterey 12.4 update, it is likely that they were patched there too, or that this particular version of the OS is unaffected.
These are not the first CVEs Apple has patched this year. In February there was a particularly nasty set of vulnerabilities affecting iPadOS, iOS, and macOS that Apple also fixed with an update. The two patched here are considered zero-days, as the exploit and the method of exploitation were disclosed publicly. Bad actors take advantage of such exploits before the software developer or manufacturer can issue a patch, maximizing the effectiveness of their schemes.
macOS Updating
Obviously, Macs can indeed get viruses and malware. Ironically, it wasn't long ago that Apple's old-school marketing machine claimed otherwise. Regardless, if you're a target, especially due to a large install base of devices, you're a target, plain and simple.