Saturday, December 21, 2024

Apple fixes exploited iOS, iPadOS zero-day (CVE-2022-42827)

For the ninth time this year, Apple has released fixes for a zero-day vulnerability (CVE-2022-42827) exploited by attackers to compromise iPhones.

About CVE-2022-42827

CVE-2022-42827 is an out-of-bounds write issue in the iOS and iPadOS kernel, which can be exploited to allow a malicious application to execute arbitrary code with kernel privileges.

“Apple is aware of a report that this issue may have been actively exploited,” the company said, though – as per usual – did not offer details about the attack(s).

Reported by an anonymous researcher, the vulnerability has been fixed with improved bounds checking in iOS 16.1 and iPadOS 16, which is available for:

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later

iOS 16.1 and iPadOS 16 also come with fixes for 19 additional CVE-numbered security issues, including a flaw (CVE-2022-32946) in the Bluetooth component that could allow an app to record audio using a pair of connected AirPods, and many other code execution holes.

Other security updates

Mac users, whether they are running macOS Big SurMonterey, or Ventura (the latest version of the OS, with new security and privacy features), have also security updates available.

Ventura’s is particularly sizeable, with fixes for 113 issues (40 of which are in the Vim text editor).

Suggest an edit to this article

Cybersecurity Knowledge Base

Latest Cybersecurity News

Cybersecurity Academy

Homepage

source

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose
Recommended:  Former Twitter Employee Convicted as Saudi Spy
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

RiSec.Mitch
Just your average information security researcher from Delaware US.

more infosec reads

Subscribe for weekly updates

explore

more

security