Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

A zero-day vulnerability tracked as CVE-2022-22675, is an out-of-bounds write issue in the AppleAVD (a kernel extension for audio and video decoding) that allows applications to execute arbitrary code with kernel privileges.

Remediation advice

Affected organisations are encouraged to review the following Apple security advisory and apply any relevant updates or workarounds.

Remediation steps

Type	Step
Patch	Safari 15.5 https://support.apple.com/en-gb/HT213260
Patch	tvOS 15.5 https://support.apple.com/en-gb/HT213254
Patch	Xcode 13.4 https://support.apple.com/en-gb/HT213261
Patch	macOsS Catalina Security Update 2022-004 https://support.apple.com/en-gb/HT213255
Patch	macOS Big Sur 11.6.6 https://support.apple.com/en-gb/HT213256
Patch	macOS Monterey 12.4 https://support.apple.com/en-gb/HT213257
Patch	iOS 15.5 and iPadOS 15.5 https://support.apple.com/en-gb/HT213258
Patch	watchOS 8.6 https://support.apple.com/en-gb/HT213253

Definitive source of threat updates

https://support.apple.com/en-us/HT201222

CVE Vulnerabilities

Status Reserved

CVE-2022-22675

Last edited: 17 May 2022 3:53 pm