Apple patches another actively exploited iOS and iPadOS zero-day
The ninth this year
Apple has released patches for a zero-day flaw in iOS and iPadOS that has been actively exploited in the wild.
"Apple is aware of a report that this issue may have been actively exploited," the company said, although as usual it did not provide details about any attack.
The out-of-bounds write issue in the kernel, CVE-2022-42827, could enable an attacker to execute code with the highest privileges at the most fundamental level of the operating system.
Out-of-bounds write flaws allow applications to write data outside the intended buffer in memory, which can result in data corruption, crashes, and other unexpected behaviour.
Apple has patched the zero-day vulnerability in iOS 16.1 and iPadOS 16. The patch improves memory handling on the following devices running those operating systems:
- iPhone 8 and later
- iPad Pro (all models)
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
This is the ninth zero-day bug to be fixed by Apple this year.
In January, it released updates for iOS 15 and iPadOS 15 that fixed, among other flaws, a buffer overflow issue that let an app execute arbitrary code with kernel privileges.
In February, Apple patched another actively exploited zero-day in WebKit that allowed threat actors to execute arbitrary code to compromise iPads, iPhones and macOS devices.
And in August the company released patches for another bug, CVE-2022-32894, affecting the kernel, which could allow attackers to take control of the device (https://www.computing.co.uk/news/4055053/apple-patches-security-flaws); and in September another zero-day, CVE-2022-32917, affecting iPhones and iPads was fixed.