Connect with us

Business

Apple fixes exploited iOS, iPadOS zero-day (CVE-2022-42827)

Published

on

For the ninth time this year, Apple has released fixes for a zero-day vulnerability (CVE-2022-42827) exploited by attackers to compromise iPhones.

CVE-2022-42827

About CVE-2022-42827

CVE-2022-42827 is an out-of-bounds write issue in the iOS and iPadOS kernel, which can be exploited to allow a malicious application to execute arbitrary code with kernel privileges.

“Apple is aware of a report that this issue may have been actively exploited,” the company said, though – as per usual – did not offer details about the attack(s).

Reported by an anonymous researcher, the vulnerability has been fixed with improved bounds checking in iOS 16.1 and iPadOS 16, which is available for:

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later

iOS 16.1 and iPadOS 16 also come with fixes for 19 additional CVE-numbered security issues, including a flaw (CVE-2022-32946) in the Bluetooth component that could allow an app to record audio using a pair of connected AirPods, and many other code execution holes.

Other security updates

Mac users, whether they are running macOS Big SurMonterey, or Ventura (the latest version of the OS, with new security and privacy features), have also security updates available.

Ventura’s is particularly sizeable, with fixes for 113 issues (40 of which are in the Vim text editor).

SafaritvOS and watchOS security updates have also been released.

Source: https://www.helpnetsecurity.com/2022/10/25/cve-2022-42827/

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO