For the ninth time this year, Apple has released fixes for a zero-day vulnerability (CVE-2022-42827) exploited by attackers to compromise iPhones.
CVE-2022-42827 is an out-of-bounds write issue in the iOS and iPadOS kernel, which can be exploited to allow a malicious application to execute arbitrary code with kernel privileges.
“Apple is aware of a report that this issue may have been actively exploited,” the company said, though, as per usual, it did not offer details about the attack(s).
Reported by an anonymous researcher, the vulnerability has been fixed with improved bounds checking in iOS 16.1 and iPadOS 16, which are available for:
- iPhone 8 and later
- iPad Pro (all models)
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
iOS 16.1 and iPadOS 16 also come with fixes for 19 additional CVE-numbered security issues, including a flaw (CVE-2022-32946) in the Bluetooth component that could allow an app to record audio using a pair of connected AirPods, and many other code execution holes.
Other security updates
Ventura’s is particularly sizeable, with fixes for 113 issues (40 of which are in the Vim text editor).