Apple fixes new zero-day used in attacks against iPhones, iPads
Reading Time: 3 Minutes
Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year.
Apple revealed in an advisory today that it’s aware of reports saying the security flaw “may have been actively exploited.”
The bug (CVE-2022-42827) is an out-of-bounds write issue reported to Apple by an anonymous researcher and caused by software writing data outside the boundaries of the current memory buffer.
This can result in data corruption, application crashes, or code execution because of undefined or unexpected results (also known as memory corruption) resulting from subsequent data written to the buffer.
As Apple explains, if successfully exploited in attacks, this zero-day could have been used by potential attackers to execute arbitrary code with kernel privileges.
The complete list of impacted devices includes iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
Apple addressed the zero-day vulnerability in iOS 16.1 and iPadOS 16 with improved bounds checking.
See Also: So you want to be a hacker?
Complete Offensive Security and Ethical Hacking Course
Patch your iPhones and iPads
While Apple has disclosed that it knows of active exploitation reports of this vulnerability in the wild, it has yet to release any information regarding these attacks.
This will likely allow Apple customers to patch their devices before more attackers develop additional exploits and start using them in attacks targeting vulnerable iPhones and iPads.
Even though this zero-day bug was most likely only used in highly-targeted attacks, installing today’s security updates is strongly recommended to block any attack attempts.
Trending: Offensive Security Tool: Monkey365
This is the ninth zero-day fixed by Apple since the start of the year:
- In September, Apple addressed a flaw in the iOS Kernel (CVE-2022-32917).
- In August, it fixed two more zero-days in the iOS Kernel (CVE-2022-32894) and WebKit (CVE-2022-32893)
- In March, Apple patched two zero-day in the Intel Graphics Driver (CVE-2022-22674) and AppleAVD (CVE-2022-22675).
- In February, Apple released security updates to address another WebKit zero-day bug exploited to target iPhones, iPads, and Macs.
- In January, Apple patched another pair of zero-days allowing code execution with kernel privileges (CVE-2022-22587) and web browsing activity tracking (CVE-2022-22594).
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: [email protected]
Source: bleepingcomputer.com
Recent News
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
