Apple Issues Emergency Fixes For Security Flaws In Millions Of Devices, Patch ASAP

scaled mac hero
May 2022 has not been a good month for operating system updates. Microsoft had a problem with Active Directory and later driver crash blue screens of death (BSoD). Now it appears Apple has zero-day security exploit problems affecting many of its major platforms, including macOS, watchOS, and tvOS.

An emergency fix has been issued for those Apple devices running affected operating systems, and anyone on any of those devices should check again for a new version of their associated operating system and run an update immediately. One major CVE (Common Vulnerabilities and Exposure), affects all devices, as described in CVE-2022-22675. On macOS devices CVE-2022-22674 has also been documented, however, and both of these CVE's create an access out-of-bounds error on memory and enable arbitrary code execution at the kernel level. A kernel level exploit effectively grants access to just about everything on the device. So it's really bad news for anyone who is un-patched and exposed.

macOS update interface
Initial macOS Update Interface

Specific device operating systems that are recommended to be updated and the patched versions are as follows.
If you are on the above versions, then you are up to date and should have the known vulnerabilities already fixed. While the particular vulnerabilities mentioned above are not noted in the Monterrey 12.4 update, it is likely they were also patched there too, or that particular version of the OS is unaffected.

These are not the first CVEs Apple has patched this year. In February there was a particularly nasty set of vulnerabilities that affected iPadOS, iOS, and macOS that Apple also fixed with an update. The two patched here are considered zero-day, as the exploit and the method of exploitation were disclosed publicly. Then bad actors will take advantage of these exploits before the software developer or manufacturer can issue a patch, ultimately maximizing the effectiveness of their schemes.

macOS updating
macOS Updating

Apple did state in their post that they do believe these exploits were utilized and activated "in the wild," but it did not disclose affected devices, or the damage and impact radius.

Obviously, Macs can indeed get viruses and malware. Ironically, it wasn't long ago that Apple's old school marketing machine claims said otherwise. But regardless, if you're a target, especially due to a large install base of devices, you're a target plain and simple.