Apple Patches Another Actively Exploited iOS, iPadOS Zero-Day
The zero-day flaw impacts iPhone 8 models and later, as well as all iPad Pro models.
Apple has released patches for a zero-day flaw in iOS and iPadOS that it says has been actively exploited in the wild.
“Apple is aware of a report that this issue may have been actively exploited,” the company said in documentation about the security updates without providing details about any attack.
The out-of-bounds write issue in the kernel, CVE-2022-42827, could enable an attacker to execute code with the highest privileges at the most fundamental level of the operating system.
Out-of-bounds write flaws allow applications to write data outside the intended buffer in memory, which can result in data corruption, crashes, and other unexpected behavior.
Apple has patched the zero-day vulnerability in iOS 16.1 and iPadOS 16. Apple’s latest patch improves memory handling in the following devices running those OSes:
- iPhone 8 and later
- iPad Pro (all models)
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
This is the ninth zero-day bug to be fixed by Apple this year.
In January, it released updates for iOS 15 and iPadOS 15 that fixed, among other flaws, a buffer overflow issue that let an app execute arbitrary code with kernel privileges.
In February, Apple patched another actively exploited zero-day in WebKit that allowed threat actors to execute arbitrary code to compromise iPads, iPhones and macOS devices.
In August, the company released patches for another bug, CVE-2022-32894, affecting the kernel, which could allow attackers to take control of the device. In September, another zero-day, CVE-2022-32917, affecting iPhones and iPads, was fixed.
This article originally appeared on CRN’s sister site, Computing.